Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.8 HIGH
CVE-2018-25433 — Joomla JE Photo Gallery 1.1 SQL Injection via categoryid

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categor…

Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.6 HIGH
CVE-2018-25432 — Arm Whois 3.11 Buffer Overflow via ASLR Bypass

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input fi…

| Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.1 HIGH
CVE-2018-25431 — No-Cms 1.0 SQL Injection via order_by Parameter

No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can …

Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.1 HIGH
CVE-2018-25430 — Paroiciel 11.20 SQL Injection via eGeqIdEquipe Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers …

Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.1 HIGH
CVE-2018-25429 — Paroiciel 11.20 SQL Injection via zProIdPro Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can…

Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.8 HIGH
CVE-2018-25428 — Paroiciel 11.20 SQL Injection via tRecIdListe Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers…

Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
9.8 CRITICAL
CVE-2018-25427 — Arm Whois 3.11 Buffer Overflow via SEH Overwrite

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers ca…

Remote | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
3.7 LOW
CVE-2026-5419 — Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal

A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive informat…

enterprise_linux openshift_container_platform enterprise_linux hardened_images libefiboot | Remote | Information Disclosure
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
5.0 MEDIUM
CVE-2026-49433 — DeepAI api.deepai.org/change_user_email CSRF

The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the attacke…

Remote | Cross-Site Request Forgery
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
5.3 MEDIUM
CVE-2026-49140 — Nanobot < 0.2.1 Denial of Service via Matrix Media Download Handler

Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth b…

nanobot | Remote | Denial of Service
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.0 HIGH
CVE-2026-49139 — Nanobot < 0.2.1 SSRF via Microsoft Teams Channel serviceUrl Poisoning

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by su…

nanobot | Remote | Server-Side Request Forgery
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
5.3 MEDIUM
CVE-2026-49138 — Nanobot < 0.2.1 SSRF via web_fetch Tool Redirect Following

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL th…

nanobot | Remote | Server-Side Request Forgery
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.7 HIGH
CVE-2026-49136 — Banana Slides 0.4.0 Path Traversal via generate_image() in ai_service.py

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend that allows unauthenticated attackers to…

Remote | Path Traversal
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.2 HIGH
CVE-2026-49135 — CodexBar < 0.32.0 Insecure Temporary File Handling in Notarization Workflow

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictabl…

| Misconfiguration
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.5 HIGH
CVE-2026-49134 — CodexBar < 0.32.0 Privilege Escalation via CLI Installer Temp File

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in tempora…

Remote | Race Condition
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.2 HIGH
CVE-2026-37234 — FlexRIC xApp ID Resource Leak

FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned up; subsequen…

Remote | Information Disclosure
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.2 HIGH
CVE-2026-24751 — Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitra…

kiteworks | Remote | Cross-Site Scripting
Jun 01, 2026 Jun 03, 2026
Jun 01, 2026
Jun 03, 2026
5.0 MEDIUM
CVE-2026-10289 — code-projects Hotel and Tourism Reservation System tour.php cross site scripting

A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a manipulation of the argument name…

hotel_and_tourism_reservation_system | Remote | Cross-Site Scripting
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.5 HIGH
CVE-2026-10288 — code-projects Hotel and Tourism Reservation System Admin Login login.php password_verify …

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component Admin Login. Su…

hotel_and_tourism_reservation_system | Remote | Authentication
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.5 HIGH
CVE-2026-10287 — SourceCodester SEO Meta Tag Extractor index.php get_headers server-side request forgery

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_headers of the file /index.php. This manipulation of the argument url causes s…

seo_meta_tag_extractor | Remote | Server-Side Request Forgery
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
Showing 20 of 7244 Results