2,565 CVEs · Medium severity
CVEs (2,565, showing first 500)
Showing 1–25 of 2,565 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-20064 | MEDIUM | | 6.2 | 2026-06-09 | WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the inc… |
| CVE-2017-20240 | MEDIUM | Patched | 5.9 | 2026-06-12 | Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used t… |
| CVE-2018-25321 | MEDIUM | Patched | 4.3 | 2026-05-17 | TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malic… |
| CVE-2018-25324 | MEDIUM | Patched | 6.2 | 2026-05-17 | Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting nu… |
| CVE-2018-25327 | MEDIUM | | 5.3 | 2026-05-17 | Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attack… |
| CVE-2018-25331 | MEDIUM | | 6.1 | 2026-05-17 | Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form paramet… |
| CVE-2018-25334 | MEDIUM | | 5.4 | 2026-05-17 | Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The applica… |
| CVE-2018-25336 | MEDIUM | | 5.3 | 2026-05-17 | Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attac… |
| CVE-2018-25337 | MEDIUM | | 4.3 | 2026-05-17 | Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers … |
| CVE-2018-25343 | MEDIUM | | 4.3 | 2026-05-23 | Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requ… |
| CVE-2018-25349 | MEDIUM | | 6.1 | 2026-05-23 | userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send… |
| CVE-2018-25354 | MEDIUM | | 4.3 | 2026-05-23 | Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users … |
| CVE-2018-25361 | MEDIUM | | 6.8 | 2026-05-25 | Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries us… |
| CVE-2018-25363 | MEDIUM | | 4.3 | 2026-05-25 | Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attacker… |
| CVE-2018-25367 | MEDIUM | | 6.2 | 2026-05-25 | NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry na… |
| CVE-2018-25369 | MEDIUM | | 6.2 | 2026-05-25 | Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attac… |
| CVE-2018-25370 | MEDIUM | | 5.3 | 2026-05-25 | Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Atta… |
| CVE-2018-25378 | MEDIUM | | 6.2 | 2026-05-25 | Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook nam… |
| CVE-2018-25384 | MEDIUM | | 5.4 | 2026-05-29 | Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text p… |
| CVE-2018-25387 | MEDIUM | | 5.3 | 2026-05-29 | HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update en… |
| CVE-2018-25393 | MEDIUM | | 6.5 | 2026-05-29 | Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id … |
| CVE-2018-25397 | MEDIUM | | 5.3 | 2026-05-29 | PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attacke… |
| CVE-2018-25421 | MEDIUM | | 6.5 | 2026-05-30 | Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can s… |
| CVE-2018-25423 | MEDIUM | | 6.2 | 2026-05-30 | Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a m… |
| CVE-2018-25435 | MEDIUM | | 5.3 | 2026-06-01 | ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. … |