Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.7 HIGH
CVE-2019-25358 — FileOptimizer 14.00.2524 - Denial of Service

FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite …

Remote | Denial of Service
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.4 HIGH
CVE-2019-25357 — Control Center PRO 6.2.9 - Local Stack Based BufferOverflow

Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attac…

control_center | Memory Corruption
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
6.1 MEDIUM
CVE-2019-25356 — Bematech Printer MP-4200 TH Cross-Site Scripting

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST…

Remote | Cross-Site Scripting
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.7 HIGH
CVE-2019-25355 — Genivia gSOAP 2.8 - 'gSOAP' Path Traversal

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive fi…

gsoap | Remote | Path Traversal
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
7.5 HIGH
CVE-2019-25354 — iSmartViewPro 1.3.34 - Denial of Service

iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer int…

Remote | Denial of Service
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
7.5 HIGH
CVE-2019-25353 — Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service

Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with…

Remote | Denial of Service
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.7 HIGH
CVE-2019-25352 — Genivia Crystal Live HTTP Server 6.01 - 'Crystal Live HTTP Server' Path Traversal

Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequ…

Remote | Path Traversal
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.8 HIGH
CVE-2019-25351 — Centova Cast 3.2.11 - Arbitrary File Download

Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the v…

Remote | Path Traversal
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
7.5 HIGH
CVE-2019-25350 — XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service

XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3…

Remote | Denial of Service
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
7.5 HIGH
CVE-2019-25349 — scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service

ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-…

Remote | Denial of Service
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
6.2 MEDIUM
CVE-2019-25326 — ipPulse 1.92 - 'Enter Key' Denial of Service

ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte …

ippulse | Denial of Service
Feb 18, 2026 Feb 24, 2026
Feb 18, 2026
Feb 24, 2026
7.5 HIGH
CVE-2026-2668 — Rongzhitong Visual Integrated Command and Dispatch Platform User add access control

A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handl…

visual_integrated_command_and_dispatch_platform | Remote | Authorization
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
5.5 MEDIUM
CVE-2026-2667 — Rongzhitong Visual Integrated Command and Dispatch Platform api access control

A vulnerability has been found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. The impacted element is an unknown function of the file /dispatch/api?cmd=userinfo. The m…

visual_integrated_command_and_dispatch_platform | Remote | Authorization
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
7.5 HIGH
CVE-2026-24746 — InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Quotes functions of InvoicePla…

invoiceplane | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
7.2 HIGH
CVE-2026-1999 — Server-Side Request Forgery in GitHub Enterprise Server Webhook Delivery Allows Access to…

A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to access internal services bound to loopback or unspecified addresses…

enterprise_server | Remote | Authorization
Feb 18, 2026 Mar 03, 2026
Feb 18, 2026
Mar 03, 2026
6.5 MEDIUM
CVE-2026-1355 — Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Re…

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing…

enterprise_server | Remote | Authorization
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
6.3 MEDIUM
CVE-2026-1200 — Remote code execution via segmentation fault in increasebufferto function

A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption pr…

Remote | Memory Corruption
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
6.5 MEDIUM
CVE-2026-0665 — Qemu-kvm: heap off-by-one in kvm xen physdevop_map_pirq

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall …

qemu | Memory Corruption
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
9.0 CRITICAL
CVE-2026-0573 — Improper Handling of HTTP Redirects vulnerability was identified in GitHub Enterprise Ser…

An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely foll…

enterprise_server | Remote | Server-Side Request Forgery
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
3.3 LOW
CVE-2025-8860 — Qemu-kvm: uefi-vars: information disclosure vulnerability in uefi_vars_write callback

A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback `uefi_vars_write` is invoked. The function allocates a heap …

qemu | Information Disclosure
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
Showing 20 of 5072 Results