Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-27174 — MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval

MajorDoMo (aka Major Domestic Module) allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to conti…

majordomo majordomo | Remote | Injection
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
7.5 HIGH
CVE-2026-24744 — InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Invoices functions of InvoiceP…

invoiceplane | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
7.5 HIGH
CVE-2026-24743 — InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the upload Invoice Logo functions of In…

invoiceplane | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
8.7 HIGH
CVE-2019-25401 — Bematech Printer MP-4200 TH Denial of Service

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malfo…

Remote | Denial of Service
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
5.4 MEDIUM
CVE-2019-25400 — IPFire 2.21 Core Update 127 Multiple XSS via fwhosts.cgi

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the fwhosts.cgi script that allow attackers to inject malicious scripts through multiple parameters inc…

ipfire | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
6.4 MEDIUM
CVE-2019-25399 — IPFire 2.21 Core Update 127 Stored XSS via extrahd.cgi

IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID par…

ipfire | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
6.1 MEDIUM
CVE-2019-25398 — IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. At…

ipfire | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
6.1 MEDIUM
CVE-2019-25397 — IPFire 2.21 Core Update 127 Cross-Site Scripting via hosts.cgi

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. A…

ipfire | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
6.1 MEDIUM
CVE-2019-25396 — IPFire 2.21 Core Update 127 Reflected XSS via updatexlrator.cgi

IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attacker…

ipfire | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
9.8 CRITICAL
CVE-2019-25365 — ChaosPro 2.0 - Buffer Overflow

ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attacker…

Remote | Memory Corruption
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
9.8 CRITICAL
CVE-2019-25364 — Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow

MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 se…

mailcarrier | Remote | Memory Corruption
Feb 18, 2026 Feb 24, 2026
Feb 18, 2026
Feb 24, 2026
8.4 HIGH
CVE-2019-25363 — WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 60…

wmv_to_avi_mpeg_dvd_wmv_convertor | Memory Corruption
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
9.8 CRITICAL
CVE-2019-25362 — WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers …

wmv_to_avi_mpeg_dvd_wmv_convertor | Remote | Memory Corruption
Feb 18, 2026 Feb 27, 2026
Feb 18, 2026
Feb 27, 2026
9.8 CRITICAL
CVE-2019-25361 — Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow

Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST comma…

Remote | Memory Corruption
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
9.8 CRITICAL
CVE-2019-25360 — Aida64 6.10.5200 - Buffer Overflow

Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. Attackers…

aida64 | Remote | Memory Corruption
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.8 HIGH
CVE-2019-25359 — SD.NET RIM 4.7.3c - 'idtyp' SQL Injection

SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. Attackers can exploit…

Remote | Injection
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.7 HIGH
CVE-2019-25358 — FileOptimizer 14.00.2524 - Denial of Service

FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite …

Remote | Denial of Service
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.4 HIGH
CVE-2019-25357 — Control Center PRO 6.2.9 - Local Stack Based BufferOverflow

Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attac…

control_center | Memory Corruption
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
6.1 MEDIUM
CVE-2019-25356 — Bematech Printer MP-4200 TH Cross-Site Scripting

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST…

Remote | Cross-Site Scripting
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.7 HIGH
CVE-2019-25355 — Genivia gSOAP 2.8 - 'gSOAP' Path Traversal

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive fi…

gsoap | Remote | Path Traversal
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
Showing 20 of 5069 Results