Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2019-25707 — eBrigade ERP 4.5 SQL Injection via pdf.php

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can sen…

Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
8.7 HIGH
CVE-2019-25706 — Across DR-810 ROM-0 Unauthenticated File Disclosure

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request…

Remote | Information Disclosure
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
8.6 HIGH
CVE-2019-25705 — Echo Mirage 3.1 Stack Buffer Overflow via Rules Action Field

Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action fiel…

| Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
7.1 HIGH
CVE-2019-25703 — ImpressCMS 1.3.11 SQL Injection via bid Parameter

ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attacke…

impresscms | Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
8.6 HIGH
CVE-2019-25701 — Easy Video to iPod Converter 1.6.20 Local Buffer Overflow SEH

Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers …

easy_video_to_ipod_converter | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
7.1 HIGH
CVE-2019-25699 — Newsbull Haber Script 1.0.0 Authenticated SQL Injection via search parameter

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and b…

Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
8.8 HIGH
CVE-2019-25697 — CMSsite 1.0 SQL Injection via category.php

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET req…

victor_cms | Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
8.6 HIGH
CVE-2019-25695 — R 3.4.4 Local Buffer Overflow Windows XP SP3

R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payl…

r | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
7.1 HIGH
CVE-2019-25693 — ResourceSpace 8.6 SQL Injection via collection_edit.php

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection…

Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
8.6 HIGH
CVE-2019-25691 — Faleemi Desktop Software 1.8 Local Buffer Overflow SEH DEP Bypass

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitati…

| Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
8.6 HIGH
CVE-2019-25689 — HTML5 Video Player 1.2.5 Local Buffer Overflow Non-SEH

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payl…

html5_video_player | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
8.6 HIGH
CVE-2018-25258 — RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers c…

| Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
7.1 HIGH
CVE-2018-25257 — Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileF…

Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
6.1 MEDIUM
CVE-2017-20239 — MDwiki Cross-Site Scripting via Location Hash Parameter

MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft …

Remote | Cross-Site Scripting
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
7.5 HIGH
CVE-2026-6126 — zhayujie chatgpt-on-wechat CowAgent Administrative HTTP Endpoint missing authentication

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missin…

Remote | Authentication
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
6.5 MEDIUM
CVE-2026-6125 — Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler…

Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
9.0 HIGH
CVE-2026-6124 — Tenda F451 httpd SafeMacFilter fromSafeMacFilter stack-based overflow

A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of t…

f451_firmware | Remote | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
9.0 HIGH
CVE-2026-6123 — Tenda F451 httpd addressNat fromAddressNat stack-based overflow

A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys resul…

f451_firmware | Remote | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
9.0 HIGH
CVE-2026-6122 — Tenda F451 httpd L7Prot frmL7ProtForm stack-based overflow

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page le…

f451_firmware | Remote | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
9.0 HIGH
CVE-2026-6121 — Tenda F451 httpd WrlclientSet stack-based overflow

A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO …

f451_firmware | Remote | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
Showing 20 of 6027 Results