Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
6.4 MEDIUM
CVE-2019-25317 — Kimai 2 - Persistent Cross-Site Scripting (XSS)

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the desc…

kimai | Remote | Cross-Site Scripting
Feb 11, 2026 Feb 19, 2026
6.4 MEDIUM
CVE-2019-25316 — GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the Cr…

goautodial goautodial_api | Remote | Cross-Site Scripting
Feb 11, 2026 Feb 11, 2026
6.4 MEDIUM
CVE-2019-25315 — WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting

WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log fil…

Remote | Cross-Site Scripting
Feb 11, 2026 Feb 11, 2026
6.4 MEDIUM
CVE-2019-25314 — Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting

Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, m…

duplicate_post | Remote | Cross-Site Scripting
Feb 11, 2026 Feb 13, 2026
6.4 MEDIUM
CVE-2019-25312 — InoERP 0.7.2 - Persistent Cross-Site Scripting

InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with Java…

inoerp | Remote | Cross-Site Scripting
Feb 11, 2026 Mar 02, 2026
6.4 MEDIUM
CVE-2019-25311 — thesystem Persistent XSS

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafte…

password_management_application | Remote | Cross-Site Scripting
Feb 11, 2026 Feb 11, 2026
8.5 HIGH
CVE-2019-25310 — ActiveFax Server 6.92 Build 0316 - 'ActiveFaxServiceNT' Unquoted Service Path

ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exp…

Misconfiguration
Feb 11, 2026 Feb 11, 2026
8.5 HIGH
CVE-2019-25309 — Zilab Remote Console Server 3.2.9 - 'Zilab Remote Console Server' Unquoted Service Path

Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can expl…

Misconfiguration
Feb 11, 2026 Feb 11, 2026
8.5 HIGH
CVE-2019-25308 — Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Service Path

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code w…

mikogo | Misconfiguration
Feb 11, 2026 Feb 26, 2026
8.5 HIGH
CVE-2019-25307 — WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path

WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the u…

Misconfiguration
Feb 11, 2026 Feb 11, 2026
8.5 HIGH
CVE-2019-25306 — BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Service Path

BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted…

Misconfiguration
Feb 11, 2026 Feb 11, 2026
6.4 MEDIUM
CVE-2018-25157 — Phraseanet 4.0.3 Stored XSS via Document Upload

Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upl…

Remote | Cross-Site Scripting
Feb 11, 2026 Feb 11, 2026
8.7 HIGH
CVE-2026-2337 — Reflected XSS on Plunet BusinessManager

A vulnerability in Plunet Plunet BusinessManager allows session hijacking, data theft, and unauthorized actions on behalf of the user. This issue affects Plunet BusinessManager: 10.15.1.

Remote | Authentication
Feb 11, 2026 Feb 11, 2026
7.0 HIGH
CVE-2026-1227 — EBO XML External Entity Reference Vulnerability

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service co…

XML External Entity
Feb 11, 2026 Feb 11, 2026
7.0 HIGH
CVE-2026-1226 — CorelDRAW Code Injection Vulnerability

CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is proces…

Injection
Feb 11, 2026 Feb 11, 2026
8.8 HIGH
CVE-2026-0910 — wpForo Forum <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection

The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' func…

wpforo_forum | Remote | Injection
Feb 11, 2026 Feb 11, 2026
9.4 CRITICAL
CVE-2025-8668 — Reflected XSS in E-Kalite Software Hardware Engineering's Turboard

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd…

Remote | Cross-Site Scripting
Feb 11, 2026 Mar 04, 2026
6.5 MEDIUM
CVE-2026-22894 — File Station 5

A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files …

file_station | Remote | Path Traversal
Feb 11, 2026 Feb 12, 2026
9.8 CRITICAL
CVE-2025-8025 — Improper Access Control in Dinosoft Business Solutions' Dinosoft ERP

Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. This is…

Remote | Authentication
Feb 11, 2026 Feb 11, 2026
6.5 MEDIUM
CVE-2025-68406 — Qsync Central

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files o…

qsync_central | Remote | Path Traversal
Feb 11, 2026 Feb 12, 2026
Showing 20 of 5087 Results