Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.8 HIGH
CVE-2025-48570 — PipTaskOrganizer Confused Deputy Activity Launch Vulnerability

In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no ad…

android | Authorization
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.8 HIGH
CVE-2025-32348 — Android System Privilege Escalation

In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges neede…

android | Authorization
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.8 HIGH
CVE-2025-26418 — CarDevicePolicyService: Privilege Escalation via User Dialog Bypass

In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This c…

android | Authorization
Jun 01, 2026 Jun 03, 2026
Jun 01, 2026
Jun 03, 2026
7.8 HIGH
CVE-2025-22426 — ComputerEngine Local Privilege Escalation via URI Access Vulnerability

In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional exe…

android | Authorization
Jun 01, 2026 Jun 03, 2026
Jun 01, 2026
Jun 03, 2026
7.8 HIGH
CVE-2025-22424 — Example: Cross-Site Scripting in Example Product

In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…

android | Information Disclosure
Jun 01, 2026 Jun 03, 2026
Jun 01, 2026
Jun 03, 2026
7.1 HIGH
CVE-2019-25716 — Dräger Infinity Delta/Kappa Patient Monitor DoS via Malformed Network Packet

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet…

| Denial of Service
Jun 01, 2026 Jun 03, 2026
Jun 01, 2026
Jun 03, 2026
6.9 MEDIUM
CVE-2018-25435 — ZeusCart 4.0 Deactivate Customer Accounts CSRF

ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate cu…

zeuscart | Remote | Cross-Site Request Forgery
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.8 HIGH
CVE-2018-25434 — WP AutoSuggest 0.24 SQL Injection via autosuggest.php

WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. Attacke…

autosuggest | Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.8 HIGH
CVE-2018-25433 — Joomla JE Photo Gallery 1.1 SQL Injection via categoryid

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categor…

Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.6 HIGH
CVE-2018-25432 — Arm Whois 3.11 Buffer Overflow via ASLR Bypass

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input fi…

| Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.1 HIGH
CVE-2018-25431 — No-Cms 1.0 SQL Injection via order_by Parameter

No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can …

Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.1 HIGH
CVE-2018-25430 — Paroiciel 11.20 SQL Injection via eGeqIdEquipe Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers …

Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.1 HIGH
CVE-2018-25429 — Paroiciel 11.20 SQL Injection via zProIdPro Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can…

Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.8 HIGH
CVE-2018-25428 — Paroiciel 11.20 SQL Injection via tRecIdListe Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers…

Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
9.8 CRITICAL
CVE-2018-25427 — Arm Whois 3.11 Buffer Overflow via SEH Overwrite

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers ca…

Remote | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
3.7 LOW
CVE-2026-5419 — Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal

A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive informat…

enterprise_linux openshift_container_platform enterprise_linux hardened_images libefiboot | Remote | Information Disclosure
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
5.0 MEDIUM
CVE-2026-49433 — DeepAI api.deepai.org/change_user_email CSRF

The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the attacke…

Remote | Cross-Site Request Forgery
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
5.3 MEDIUM
CVE-2026-49140 — Nanobot < 0.2.1 Denial of Service via Matrix Media Download Handler

Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth b…

nanobot | Remote | Denial of Service
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.0 HIGH
CVE-2026-49139 — Nanobot < 0.2.1 SSRF via Microsoft Teams Channel serviceUrl Poisoning

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by su…

nanobot | Remote | Server-Side Request Forgery
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
5.3 MEDIUM
CVE-2026-49138 — Nanobot < 0.2.1 SSRF via web_fetch Tool Redirect Following

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL th…

nanobot | Remote | Server-Side Request Forgery
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
Showing 20 of 7361 Results