Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-9470 — yashpokharna2555 StudentManagementSystem student_trans.php confirm_logged_in sql injection

A security vulnerability has been detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This affects the function confirm_logged_in of the file student_trans.…

| Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
0.0 NA
CVE-2026-9469 — yashpokharna2555 StudentManagementSystem success.php sql injection

A weakness has been identified in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. The impacted element is an unknown function of the file /success.php. This manipul…

| Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
0.0 NA
CVE-2026-42797 — Apache Syncope: JexlContextBuilder Information Disclosure

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which a…

| Information Disclosure
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
0.0 NA
CVE-2026-9468 — dazeb cline-mcp-memory-bank index.ts handleInitializeMemoryBank path traversal

A security flaw has been discovered in dazeb cline-mcp-memory-bank up to 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The affected element is the function handleInitializeMemoryBank of the file src/inde…

| Path Traversal
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
0.0 NA
CVE-2026-42782 — Apache Syncope: Post-auth RCE via Groovy static

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted c…

| Misconfiguration
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
0.0 NA
CVE-2026-9467 — debugmcp mcp-debugger server.ts handleGetSourceContext path traversal

A vulnerability was identified in debugmcp mcp-debugger up to 0.20.0. Impacted is the function handleGetSourceContext of the file src/server.ts. The manipulation leads to path traversal. The attack i…

| Path Traversal
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
0.0 NA
CVE-2026-9466 — Tiandy Easy7 Integrated Management Platform API Endpoint updateUserPassword password reco…

A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoin…

| Authentication
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
0.0 NA
CVE-2026-9465 — Tiandy Easy7 Integrated Management Platform GetDBDataEx.jsp sql injection

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/GetDBDataEx.jsp. Performing a manipulation …

| Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
7.1 HIGH
CVE-2018-25381 — Joomla Responsive Portfolio 1.6.1 SQL Injection via filter parameters

Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can injec…

Remote | Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
7.1 HIGH
CVE-2018-25380 — Joomla Component eXtroForms 2.1.5 SQL Injection via filter parameters

Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_s…

Remote | Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.8 HIGH
CVE-2018-25379 — Collectric CMU 1.0 SQL Injection via lang Parameter

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attacke…

Remote | Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
6.9 MEDIUM
CVE-2018-25378 — Notebook Pro 2.0 Denial of Service via Notebook Name Field

Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can crea…

| Denial of Service
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.6 HIGH
CVE-2018-25377 — Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception ha…

| Memory Corruption
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.6 HIGH
CVE-2018-25376 — Socusoft 3GP Photo Slideshow 8.05 Buffer Overflow SEH

Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling…

| Memory Corruption
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.6 HIGH
CVE-2018-25375 — SocuSoft iPod Photo Slideshow 8.05 Buffer Overflow SEH

SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception ha…

| Memory Corruption
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.7 HIGH
CVE-2018-25374 — Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers …

Remote | Path Traversal
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.6 HIGH
CVE-2018-25373 — DVD Photo Slideshow Professional 8.07 Buffer Overflow SEH

SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting …

| Memory Corruption
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.8 HIGH
CVE-2018-25372 — MedDream PACS Server Premium 6.7.1.1 SQL Injection via email

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email param…

Remote | Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.8 HIGH
CVE-2018-25371 — mooSocial Store Plugin 2.6 SQL Injection via product parameter

mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality…

Remote | Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
6.9 MEDIUM
CVE-2018-25370 — Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious H…

Remote | Cross-Site Request Forgery
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
Showing 20 of 5810 Results