Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.7 MEDIUM
CVE-2026-5165 — Virtio-win: virtio-win: memory corruption via use-after-free in virtio blk device reset

A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. …

| Memory Corruption
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
6.7 MEDIUM
CVE-2026-5164 — Virtio-win: virtio-win: denial of service via unvalidated descriptor count in unmap reque…

A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input val…

| Denial of Service
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
8.7 HIGH
CVE-2026-3321 — Authorization Bypass in ON24 Q&A chat

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting this vulnerability would allow an unauthenticated…

Remote | Authorization
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
4.6 MEDIUM
CVE-2026-28528 — BlueKitchen BTstack < 1.8.1 AVRCP Browsing Target GET_FOLDER_ITEMS Handler OOB Read / Und…

BlueKitchen BTstack contains an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker w…

| Memory Corruption
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
3.5 LOW
CVE-2026-28527 — BlueKitchen BTstack < 1.8.1 AVRCP Controller GET_PLAYER_APPLICATION_SETTING_*_TEXT Handle…

BlueKitchen BTstack contains an out-of-bounds read vulnerability in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers that allo…

| Information Disclosure
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
3.5 LOW
CVE-2026-28526 — BlueKitchen BTstack < 1.8.1 AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_* Handlers O…

BlueKitchen BTstack contains an out-of-bounds read vulnerability in the AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES and LIST_PLAYER_APPLICATION_SETTING_VALUES handlers that allows att…

| Memory Corruption
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
0.0 NA
CVE-2026-5122 — osrg GoBGP BGP OPEN Message bgp.go DecodeFromBytes access control

A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a mani…

| Information Disclosure
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
7.1 HIGH
CVE-2026-4315 — WatchGuard Firebox Cross-Site Request Forgery (CSRF) in Fireware Web UI

A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service (DoS) condition in the Fireware Web UI by convincing…

Remote | Cross-Site Request Forgery
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
8.4 HIGH
CVE-2026-4266 — WatchGuard Firebox Insecure Deserialization in Fireware Access Portal

An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code i…

| Misconfiguration
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
6.9 MEDIUM
CVE-2019-25655 — Device Monitoring Studio 8.10.00.8925 Denial of Service

Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection …

| Denial of Service
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
8.7 HIGH
CVE-2019-25654 — Core FTP/SFTP Server 1.2 Denial of Service via Buffer Overflow

Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a ma…

Remote | Denial of Service
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
6.9 MEDIUM
CVE-2019-25653 — Navicat for Oracle 12.1.15 Password Field Denial of Service

Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can…

| Denial of Service
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
6.9 MEDIUM
CVE-2018-25235 — NetworkActiv Web Server 4.0 Username Field Buffer Overflow DoS

NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively lon…

| Memory Corruption
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
6.9 MEDIUM
CVE-2018-25234 — SmartFTP Client 9.0.2615.0 Denial of Service via Host Field

SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can pas…

| Denial of Service
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
6.9 MEDIUM
CVE-2018-25233 — WebDrive 18.00.5057 Denial of Service via Secure WebDAV

WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV …

| Denial of Service
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
6.8 MEDIUM
CVE-2018-25232 — Softros LAN Messenger 9.2 Denial of Service via Log Files Location

Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location fiel…

| Denial of Service
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
6.9 MEDIUM
CVE-2018-25231 — HeidiSQL 9.5.0.5196 Denial of Service via Preferences

HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers ca…

| Denial of Service
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
6.8 MEDIUM
CVE-2018-25230 — Free IP Switcher 3.1 Denial of Service via Computer Name

Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can pa…

| Memory Corruption
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
6.8 MEDIUM
CVE-2018-25229 — BulletProof FTP Server 2019.0.0.50 Denial of Service via SMTP

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized string…

| Denial of Service
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
6.9 MEDIUM
CVE-2018-25228 — NetSetMan 4.7.1 Workgroup Buffer Overflow Denial of Service

NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious c…

| Memory Corruption
Mar 30, 2026 Mar 30, 2026
Mar 30, 2026
Mar 30, 2026
Showing 20 of 5894 Results