Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
3.5 LOW
CVE-2026-35679 — Zcash Zcashd Denial of Service/Currency Drain Vulnerability

Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was someti…

Remote | Misconfiguration
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
6.5 MEDIUM
CVE-2026-5596 — griptape-ai griptape SqlTool tool.py sql injection

A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipul…

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
8.8 HIGH
CVE-2019-25704 — Kados R10 GreenBee SQL Injection via filter_user_mail

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter_user_mail parameter. Attackers can send crafte…

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
8.8 HIGH
CVE-2019-25702 — Kados R10 GreenBee SQL Injection via id_project Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Attackers can send crafted requ…

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
8.8 HIGH
CVE-2019-25700 — Kados R10 GreenBee SQL Injection via sort_direction Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort_direction parameter. Attackers can submit malici…

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
8.8 HIGH
CVE-2019-25698 — Kados R10 GreenBee SQL Injection via id_to_delete Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_to_delete parameter. Attackers can send crafted re…

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
8.8 HIGH
CVE-2019-25696 — Kados R10 GreenBee SQL Injection via language_tag Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language_tag parameter. Attackers can submit maliciou…

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
8.8 HIGH
CVE-2019-25694 — Kados R10 GreenBee SQL Injection via user2reset

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can s…

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
8.8 HIGH
CVE-2019-25692 — Kados R10 GreenBee SQL Injection via id_to_modify Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id_to_modify' parameter. Attackers can send crafted …

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
8.8 HIGH
CVE-2019-25690 — Kados R10 GreenBee SQL Injection via mng_profile_id

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng_profile_id parameter. Attackers can send crafted …

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
8.8 HIGH
CVE-2019-25688 — Kados R10 GreenBee SQL Injection via menu_lev1 Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu_lev1 parameter. Attackers can se…

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
9.8 CRITICAL
CVE-2019-25687 — Pegasus CMS 1.0 Remote Code Execution via extra_fields.php

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionali…

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
8.7 HIGH
CVE-2019-25686 — Core FTP 2.0 build 653 PBSZ Unauthenticated Denial of Service

Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffe…

Remote | Denial of Service
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
8.8 HIGH
CVE-2019-25685 — phpBB Arbitrary File Upload via Phar Deserialization

phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can …

Remote | Misconfiguration
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
8.8 HIGH
CVE-2019-25684 — OpenDocMan 1.3.4 SQL Injection via where Parameter

OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send G…

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
6.9 MEDIUM
CVE-2019-25683 — FileZilla 3.40.0 Denial of Service via Local Search

FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can …

| Denial of Service
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
5.3 MEDIUM
CVE-2019-25682 — CMSsite 1.0 Cross-Site Request Forgery via users.php

CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticate…

Remote | Cross-Site Request Forgery
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
8.6 HIGH
CVE-2019-25681 — Xlight FTP Server 3.9.1 SEH Overwrite Buffer Overflow

Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted bu…

| Memory Corruption
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
8.8 HIGH
CVE-2019-25680 — Advance Gift Shop Pro Script 2.0.3 SQL Injection via search

Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parame…

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
8.5 HIGH
CVE-2019-25679 — RealTerm Serial Terminal 2.0.0.70 Buffer Overflow SEH

RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying …

| Memory Corruption
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
Showing 20 of 5884 Results