Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score
Vulnerability
Published
0.0 NA
CVE-2026-5604 — Tenda CH22 Parameter CertLocalPrecreate formCertLocalPrecreate stack-based overflow

A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate of the component Parameter Handler. Perfo…

Memory Corruption
Apr 05, 2026
0.0 NA
CVE-2026-5603 — elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection

A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command in…

Injection
Apr 05, 2026
5.5 MEDIUM
CVE-2026-5601 — Acrel Electrical Prepaid Cloud Platform Backup File bin.rar information disclosure

A vulnerability was found in Acrel Electrical Prepaid Cloud Platform 1.0. This issue affects some unknown processing of the file /bin.rar of the component Backup File Handler. The manipulation result…

Remote | Information Disclosure
Apr 05, 2026
6.5 MEDIUM
CVE-2026-5597 — griptape-ai griptape ComputerTool tool.py path traversal

A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown part of the file griptape\tools\computer\tool.py of the component ComputerTool. Executing a manipulation of the argument …

Remote | Path Traversal
Apr 05, 2026
8.1 HIGH
CVE-2026-4272 — Bluetooth Remote Execution of System Commands Vulnerability

Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue affects Handheld Scanners: from C1 Base(Ingenic x1000) before GK000432…

Remote | Authentication
Apr 05, 2026
3.5 LOW
CVE-2026-35679 — Zcash Zcashd Denial of Service/Currency Drain Vulnerability

Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was someti…

Remote | Misconfiguration
Apr 05, 2026
0.0 NA
CVE-2026-5602 — Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection

A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component new_heim_application/deploy_heim_application/deploy_he…

Injection
Apr 05, 2026
6.5 MEDIUM
CVE-2026-5596 — griptape-ai griptape SqlTool tool.py sql injection

A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipul…

Remote | Injection
Apr 05, 2026
8.8 HIGH
CVE-2019-25704 — Kados R10 GreenBee SQL Injection via filter_user_mail

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter_user_mail parameter. Attackers can send crafte…

Remote | Injection
Apr 05, 2026
8.8 HIGH
CVE-2019-25702 — Kados R10 GreenBee SQL Injection via id_project Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Attackers can send crafted requ…

Remote | Injection
Apr 05, 2026
8.8 HIGH
CVE-2019-25700 — Kados R10 GreenBee SQL Injection via sort_direction Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort_direction parameter. Attackers can submit malici…

Remote | Injection
Apr 05, 2026
8.8 HIGH
CVE-2019-25698 — Kados R10 GreenBee SQL Injection via id_to_delete Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_to_delete parameter. Attackers can send crafted re…

Remote | Injection
Apr 05, 2026
8.8 HIGH
CVE-2019-25696 — Kados R10 GreenBee SQL Injection via language_tag Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language_tag parameter. Attackers can submit maliciou…

Remote | Injection
Apr 05, 2026
8.8 HIGH
CVE-2019-25694 — Kados R10 GreenBee SQL Injection via user2reset

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can s…

Remote | Injection
Apr 05, 2026
8.8 HIGH
CVE-2019-25692 — Kados R10 GreenBee SQL Injection via id_to_modify Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id_to_modify' parameter. Attackers can send crafted …

Remote | Injection
Apr 05, 2026
8.8 HIGH
CVE-2019-25690 — Kados R10 GreenBee SQL Injection via mng_profile_id

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng_profile_id parameter. Attackers can send crafted …

Remote | Injection
Apr 05, 2026
8.8 HIGH
CVE-2019-25688 — Kados R10 GreenBee SQL Injection via menu_lev1 Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu_lev1 parameter. Attackers can se…

Remote | Injection
Apr 05, 2026
9.8 CRITICAL
CVE-2019-25687 — Pegasus CMS 1.0 Remote Code Execution via extra_fields.php

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionali…

Remote | Injection
Apr 05, 2026
8.7 HIGH
CVE-2019-25686 — Core FTP 2.0 build 653 PBSZ Unauthenticated Denial of Service

Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffe…

Remote | Denial of Service
Apr 05, 2026
8.8 HIGH
CVE-2019-25685 — phpBB Arbitrary File Upload via Phar Deserialization

phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can …

Remote | Misconfiguration
Apr 05, 2026
Showing 20 of 5879 Results