Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.9 MEDIUM
CVE-2018-25367 — NASA openVSP 3.16.1 Denial of Service via Buffer Overflow

NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can tri…

| Memory Corruption
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.6 HIGH
CVE-2018-25366 — CuteFTP 5.0 XP Buffer Overflow via Site Manager Label Field

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a p…

| Memory Corruption
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.7 HIGH
CVE-2018-25365 — PCViewer vt1000 Directory Traversal via GET Request

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use pat…

Remote | Path Traversal
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.8 HIGH
CVE-2018-25364 — Twitter-Clone 1 SQL Injection via search.php

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can sub…

Remote | Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
5.3 MEDIUM
CVE-2018-25363 — Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms t…

Remote | Cross-Site Request Forgery
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.8 HIGH
CVE-2018-25362 — Twitter-Clone 1 SQL Injection via follow.php

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit unio…

Remote | Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
7.0 HIGH
CVE-2018-25361 — Soroush IM Desktop App 0.17.0 Authentication Bypass via Database Injection

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption k…

| Authentication
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.6 HIGH
CVE-2018-25360 — AgataSoft Auto PingMaster 1.5 Buffer Overflow SEH

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured ex…

| Memory Corruption
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.6 HIGH
CVE-2018-25359 — Splinterware System Scheduler Pro 5.12 Privilege Escalation

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can …

| Misconfiguration
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
0.0 NA
CVE-2026-9078 — Firefox iOS RTL Domain Rendering Issue in Link Preview

Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portio…

| Information Disclosure
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.7 HIGH
CVE-2026-47073 — Unbounded memory consumption in WebSocket client in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackney_ws.erl imposes no upper bound on memory consumption in three…

Remote | Denial of Service
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.7 HIGH
CVE-2026-47067 — Atom table exhaustion via unrecognized URL schemes in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackney_url.erl converts every unrecognized URL scheme to a permanent BEAM…

Remote | Denial of Service
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
6.9 MEDIUM
CVE-2026-47072 — CRLF injection in WebSocket upgrade request in hackney

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackney_ws.erl copies the host,…

Remote | Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
6.9 MEDIUM
CVE-2026-47076 — SSRF allowlist bypass via percent-encoded host in hackney

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackney_url:normalize/2 URL-decodes the host component after the URL has been parsed into a #hackney_url{}…

| Server-Side Request Forgery
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
6.0 MEDIUM
CVE-2026-47070 — HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect t…

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackney_h3.erl passes the original request headers unchanged to th…

Remote | Information Disclosure
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
6.8 MEDIUM
CVE-2026-47075 — CR/LF injection in query parameter in hackney

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return (\r) or line feed (\n) characters in the URL …

| Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.2 HIGH
CVE-2026-47077 — Unbounded body accumulation in HTTP/3 response loop in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackney_h3:await_response_loop/6 accumulates the HTTP/3 response body in memory without any size…

Remote | Denial of Service
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.2 HIGH
CVE-2026-47071 — SOCKS5 TLS upgrade ignores caller timeout in hackney

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackney_socks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiat…

Remote | Denial of Service
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.7 HIGH
CVE-2026-47066 — Infinite loop in Alt-Svc header parser in hackney

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackney_altsvc.erl does not guarantee fo…

Remote | Denial of Service
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
2.1 LOW
CVE-2026-47069 — CRLF injection in cookie domain/path options in hackney

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Response Splitting. The hackney_cookie:setcookie/3 function in src/hackney_cookie.erl validat…

| Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
Showing 20 of 5869 Results