Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.2 HIGH
CVE-2026-47071 — SOCKS5 TLS upgrade ignores caller timeout in hackney

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackney_socks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiat…

hackney | Remote | Denial of Service
May 25, 2026 May 27, 2026
May 25, 2026
May 27, 2026
6.1 MEDIUM
CVE-2026-47070 — HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect t…

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackney_h3.erl passes the original request headers unchanged to th…

hackney | Remote | Information Disclosure
May 25, 2026 May 27, 2026
May 25, 2026
May 27, 2026
5.3 MEDIUM
CVE-2026-47069 — CRLF injection in cookie domain/path options in hackney

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Response Splitting. The hackney_cookie:setcookie/3 function in src/hackney_cookie.erl validat…

hackney | Remote | Injection
May 25, 2026 May 27, 2026
May 25, 2026
May 27, 2026
8.7 HIGH
CVE-2026-47067 — Atom table exhaustion via unrecognized URL schemes in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackney_url.erl converts every unrecognized URL scheme to a permanent BEAM…

hackney | Remote | Denial of Service
May 25, 2026 May 27, 2026
May 25, 2026
May 27, 2026
8.7 HIGH
CVE-2026-47066 — Infinite loop in Alt-Svc header parser in hackney

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackney_altsvc.erl does not guarantee fo…

hackney | Remote | Denial of Service
May 25, 2026 May 27, 2026
May 25, 2026
May 27, 2026
7.1 HIGH
CVE-2018-25381 — Joomla Responsive Portfolio 1.6.1 SQL Injection via filter parameters

Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can injec…

almera_responsive_portfolio | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
7.1 HIGH
CVE-2018-25380 — Joomla Component eXtroForms 2.1.5 SQL Injection via filter parameters

Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_s…

Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.8 HIGH
CVE-2018-25379 — Collectric CMU 1.0 SQL Injection via lang Parameter

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attacke…

Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
6.9 MEDIUM
CVE-2018-25378 — Notebook Pro 2.0 Denial of Service via Notebook Name Field

Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can crea…

| Denial of Service
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.6 HIGH
CVE-2018-25377 — Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception ha…

| Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.6 HIGH
CVE-2018-25376 — Socusoft 3GP Photo Slideshow 8.05 Buffer Overflow SEH

Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling…

| Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.6 HIGH
CVE-2018-25375 — SocuSoft iPod Photo Slideshow 8.05 Buffer Overflow SEH

SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception ha…

| Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.7 HIGH
CVE-2018-25374 — Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers …

meddream_pacs | Remote | Path Traversal
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.6 HIGH
CVE-2018-25373 — DVD Photo Slideshow Professional 8.07 Buffer Overflow SEH

SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting …

| Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.8 HIGH
CVE-2018-25372 — MedDream PACS Server Premium 6.7.1.1 SQL Injection via email

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email param…

Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.8 HIGH
CVE-2018-25371 — mooSocial Store Plugin 2.6 SQL Injection via product parameter

mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality…

moosocial | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
6.9 MEDIUM
CVE-2018-25370 — Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious H…

admidio | Remote | Cross-Site Request Forgery
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
6.9 MEDIUM
CVE-2018-25369 — Visual Ping 0.8.0.0 Buffer Overflow Denial of Service

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious p…

| Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.7 HIGH
CVE-2018-25368 — Nord VPN 6.14.31 Denial of Service via Password Field

Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers ca…

nordvpn | Remote | Denial of Service
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
6.9 MEDIUM
CVE-2018-25367 — NASA openVSP 3.16.1 Denial of Service via Buffer Overflow

NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can tri…

| Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
Showing 20 of 6714 Results