Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.1 MEDIUM
CVE-2019-25398 — IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. At…

ipfire | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
6.1 MEDIUM
CVE-2019-25397 — IPFire 2.21 Core Update 127 Cross-Site Scripting via hosts.cgi

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. A…

ipfire | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
6.1 MEDIUM
CVE-2019-25396 — IPFire 2.21 Core Update 127 Reflected XSS via updatexlrator.cgi

IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attacker…

ipfire | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
9.8 CRITICAL
CVE-2019-25365 — ChaosPro 2.0 - Buffer Overflow

ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attacker…

Remote | Memory Corruption
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
9.8 CRITICAL
CVE-2019-25364 — Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow

MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 se…

mailcarrier | Remote | Memory Corruption
Feb 18, 2026 Feb 24, 2026
Feb 18, 2026
Feb 24, 2026
8.4 HIGH
CVE-2019-25363 — WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 60…

wmv_to_avi_mpeg_dvd_wmv_convertor | Memory Corruption
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
9.8 CRITICAL
CVE-2019-25362 — WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers …

wmv_to_avi_mpeg_dvd_wmv_convertor | Remote | Memory Corruption
Feb 18, 2026 Feb 27, 2026
Feb 18, 2026
Feb 27, 2026
9.8 CRITICAL
CVE-2019-25361 — Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow

Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST comma…

Remote | Memory Corruption
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
9.8 CRITICAL
CVE-2019-25360 — Aida64 6.10.5200 - Buffer Overflow

Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. Attackers…

aida64 | Remote | Memory Corruption
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.8 HIGH
CVE-2019-25359 — SD.NET RIM 4.7.3c - 'idtyp' SQL Injection

SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. Attackers can exploit…

Remote | Injection
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.7 HIGH
CVE-2019-25358 — FileOptimizer 14.00.2524 - Denial of Service

FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite …

Remote | Denial of Service
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.4 HIGH
CVE-2019-25357 — Control Center PRO 6.2.9 - Local Stack Based BufferOverflow

Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attac…

control_center | Memory Corruption
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
6.1 MEDIUM
CVE-2019-25356 — Bematech Printer MP-4200 TH Cross-Site Scripting

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST…

Remote | Cross-Site Scripting
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.7 HIGH
CVE-2019-25355 — Genivia gSOAP 2.8 - 'gSOAP' Path Traversal

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive fi…

gsoap | Remote | Path Traversal
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
7.5 HIGH
CVE-2019-25354 — iSmartViewPro 1.3.34 - Denial of Service

iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer int…

Remote | Denial of Service
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
7.5 HIGH
CVE-2019-25353 — Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service

Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with…

Remote | Denial of Service
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.7 HIGH
CVE-2019-25352 — Genivia Crystal Live HTTP Server 6.01 - 'Crystal Live HTTP Server' Path Traversal

Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequ…

Remote | Path Traversal
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.8 HIGH
CVE-2019-25351 — Centova Cast 3.2.11 - Arbitrary File Download

Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the v…

Remote | Path Traversal
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
7.5 HIGH
CVE-2019-25350 — XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service

XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3…

Remote | Denial of Service
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
7.5 HIGH
CVE-2019-25349 — scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service

ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-…

Remote | Denial of Service
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
Showing 20 of 5050 Results