ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2018-25001 | An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can ... | E | |
CVE-2018-25002 | uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation... | | |
CVE-2018-25004 | Invariant failure when explaining a find with a UUID | S | |
CVE-2018-25007 | Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 | S | |
CVE-2018-25008 | In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut met... | S | |
CVE-2018-25009 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().... | S | |
CVE-2018-25010 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().... | S | |
CVE-2018-25011 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().... | S | |
CVE-2018-25012 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().... | S | |
CVE-2018-25013 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().... | S | |
CVE-2018-25014 | A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().... | S | |
CVE-2018-25015 | An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/so... | E S | |
CVE-2018-25016 | Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Heade... | S | |
CVE-2018-25017 | RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable.... | S | |
CVE-2018-25018 | UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadR... | E S | |
CVE-2018-25019 | LearnDash < 2.5.4 - Unauthenticated Arbitrary File Upload | E | |
CVE-2018-25020 | The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an ins... | S | |
CVE-2018-25021 | The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain cond... | E | |
CVE-2018-25022 | The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which a... | E S | |
CVE-2018-25023 | An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized... | E | |
CVE-2018-25024 | An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an im... | | |
CVE-2018-25025 | An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the l... | | |
CVE-2018-25026 | An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker tr... | | |
CVE-2018-25027 | An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cau... | | |
CVE-2018-25028 | An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a... | | |
CVE-2018-25029 | The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure prot... | E | |
CVE-2018-25030 | Mirmay Secure Private Browser / File Manager Auto Lock improper authentication | E | |
CVE-2018-25031 | Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuadin... | S | |
CVE-2018-25032 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has... | E S | |
CVE-2018-25033 | ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from... | E S | |
CVE-2018-25034 | Thomson TCW710 wlanPrimaryNetwork Persistent cross site scripting | E | |
CVE-2018-25035 | Thomson TCW710 RGFirewallEL Persistent cross site scripting | E | |
CVE-2018-25036 | Thomson TCW710 RgTime Persistent cross site scripting | E | |
CVE-2018-25037 | Thomson TCW710 RgDdns Persistent cross site scripting | E | |
CVE-2018-25038 | Thomson TCW710 RgDhcp Persistent cross site scripting | E | |
CVE-2018-25039 | Thomson TCW710 RgUrlBlock.asp Persistent cross site scripting | E | |
CVE-2018-25040 | uTorrent Web HTTP RPC Server privileges management | E | |
CVE-2018-25041 | uTorrent JSON RPC Server privileges management | E | |
CVE-2018-25042 | uTorrent memory corruption | E | |
CVE-2018-25043 | uTorrent PRNG improper authentication | E | |
CVE-2018-25044 | uTorrent Guest Account privileges management | E | |
CVE-2018-25045 | Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Br... | S | |
CVE-2018-25046 | Path traversal in code.cloudfoundry.org/archiver | S | |
CVE-2018-25047 | In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web pag... | E S | |
CVE-2018-25048 | Codesys Runtime Improper Limitation of a Pathname | | |
CVE-2018-25049 | email-existence index.js redos | S | |
CVE-2018-25050 | Harvest Chosen abstract-chosen.coffee AbstractChosen cross site scripting | S | |
CVE-2018-25051 | JmPotato Pomash editor.html cross site scripting | S | |
CVE-2018-25052 | Catalyst-Plugin-Session Session ID Session.pm _load_sessionid cross site scripting | S | |
CVE-2018-25053 | moappi Json2html json2html.js cross site scripting | S | |
CVE-2018-25054 | shred cilla Search search.jsp cross site scripting | S | |
CVE-2018-25055 | FarCry Solr Pro Plugin Search solrProSearch.cfc cross site scripting | E S | |
CVE-2018-25056 | yolapi metadata.py render_description cross site scripting | S | |
CVE-2018-25057 | simple_php_link_shortener index.php sql injection | S | |
CVE-2018-25058 | Twitter-Post-Fetcher Link Target twitterFetcher.js reverse tabnabbing | S | |
CVE-2018-25059 | pastebinit server.go pasteHandler path traversal | S | |
CVE-2018-25060 | Macaron csrf csrf.go missing secure attribute | S | |
CVE-2018-25061 | rgb2hex redos | S | |
CVE-2018-25062 | flar2 ElementalX ipsec xfrm_user.c xfrm_dump_policy_done denial of service | S | |
CVE-2018-25063 | Zenoss Dashboard defaultportlets.js cross site scripting | S | |
CVE-2018-25064 | OSM Lab show-me-the-way site.js cross site scripting | S | |
CVE-2018-25065 | Wikimedia mediawiki-extensions-I18nTags Unlike Parser I18nTags_body.php cross site scripting | S | |
CVE-2018-25066 | PeterMu nodebatis sql injection | S | |
CVE-2018-25067 | JoomGallery Image Sort default.php sql injection | S | |
CVE-2018-25068 | devent globalpom-utils FileResourceManagerProvider.java createTmpDir temp file | S | |
CVE-2018-25069 | Netis Netcore Router hard-coded password | | |
CVE-2018-25070 | polterguy Phosphorus Five CSV Import NonQuery.cs csv.Read sql injection | S | |
CVE-2018-25071 | roxlukas LMeve proxy.php insert_log sql injection | S | |
CVE-2018-25072 | lojban jbovlaste listing.html sql injection | S | |
CVE-2018-25073 | Newcomer1989 TSN-Ranksystem bot.php getlog cross site scripting | S | |
CVE-2018-25074 | Prestaul skeemas base.js redos | S | |
CVE-2018-25075 | karsany OBridge ProcedureDao.java getAllStandaloneProcedureAndFunction sql injection | S | |
CVE-2018-25076 | Events Extension events.php searchResults sql injection | S | |
CVE-2018-25077 | melnaron mel-spintax spintax.js redos | S | |
CVE-2018-25078 | man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root ... | E | |
CVE-2018-25079 | Segmentio is-url index.js redos | S | |
CVE-2018-25080 | MobileDetect Example session_example.php initLayoutType cross site scripting | E S | |
CVE-2018-25081 | Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the... | E | |
CVE-2018-25082 | zwczou WeChat SDK Python to_xml xml external entity reference | S | |
CVE-2018-25083 | The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an a... | E S | |
CVE-2018-25084 | Ping Identity Self-Service Account Manager SSAMController.java cross site scripting | S | |
CVE-2018-25085 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | S | |
CVE-2018-25086 | sea75300 FanPress CM Template Preview templatepreview.php getArticlesPreview cross site scripting | S | |
CVE-2018-25087 | Arborator Server project.cgi start denial of service | S | |
CVE-2018-25088 | Blue Yonder postgraas_server PostgreSQL Backend postgres_cluster_driver.py create_postgres_db sql injection | S | |
CVE-2018-25089 | glb Meetup Tag Extension Link Attribute reverse tabnabbing | S | |
CVE-2018-25090 | Wago: Improper Neutralization of Input During Web Page Generation in multiple devices | | |
CVE-2018-25091 | urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin re... | S | |
CVE-2018-25092 | Vaerys-Dawn DiscordSailv2 Command Mention access control | S | |
CVE-2018-25093 | Vaerys-Dawn DiscordSailv2 Tag access control | S | |
CVE-2018-25094 | ระบบบัญชีออนไลน์ Online Accounting System image.php path traversal | S | |
CVE-2018-25095 | Duplicator < 1.3.0 - Unauthenticated RCE | E | |
CVE-2018-25096 | MdAlAmin-aol Own Health Record logout.php cross-site request forgery | S | |
CVE-2018-25097 | Acumos Design Studio cross site scripting | S | |
CVE-2018-25098 | blockmason credit-protocol UCAC CreditProtocol.sol executeUcacTx denial of service | S | |
CVE-2018-25099 | In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify... | | |
CVE-2018-25100 | The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multip... | | |
CVE-2018-25101 | l2c2technologies Koha opac-MARCdetail.pl cross site scripting | S | |
CVE-2018-25103 | Use-after-free vulnerabilities in lighttpd <= 1.4.50 | | |
CVE-2018-25104 | CoinGate Plugin Payment callback.php postProcess logic error | S | |
CVE-2018-25105 | File Manager <= 3.0 - Unauthenticated Arbitrary File Upload/Download | S | |
CVE-2018-25106 | webuidesigning NebulaX Theme Legacy.php nebula_send_to_hubspot sql injection | S | |
CVE-2018-25107 | The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand() functio... | | |
CVE-2018-25108 | WAGO: Denial of service in 750-8xx controller due to uncontrolled resource consumption | | |
CVE-2018-25109 | Nintendo Animal Crossing Letter Trigram ac-exploit-gc memory corruption | E | |
CVE-2018-25110 | Regular Expression Denial of Service (ReDoS) in markedjs/marked | E S | |