Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.9 MEDIUM
CVE-2018-25370 — Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious H…

admidio | Remote | Cross-Site Request Forgery
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
6.9 MEDIUM
CVE-2018-25369 — Visual Ping 0.8.0.0 Buffer Overflow Denial of Service

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious p…

| Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.7 HIGH
CVE-2018-25368 — Nord VPN 6.14.31 Denial of Service via Password Field

Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers ca…

nordvpn | Remote | Denial of Service
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
6.9 MEDIUM
CVE-2018-25367 — NASA openVSP 3.16.1 Denial of Service via Buffer Overflow

NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can tri…

| Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.6 HIGH
CVE-2018-25366 — CuteFTP 5.0 XP Buffer Overflow via Site Manager Label Field

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a p…

cuteftp | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.7 HIGH
CVE-2018-25365 — PCViewer vt1000 Directory Traversal via GET Request

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use pat…

Remote | Path Traversal
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.8 HIGH
CVE-2018-25364 — Twitter-Clone 1 SQL Injection via search.php

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can sub…

Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
5.3 MEDIUM
CVE-2018-25363 — Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms t…

Remote | Cross-Site Request Forgery
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.8 HIGH
CVE-2018-25362 — Twitter-Clone 1 SQL Injection via follow.php

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit unio…

Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
7.0 HIGH
CVE-2018-25361 — Soroush IM Desktop App 0.17.0 Authentication Bypass via Database Injection

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption k…

| Authentication
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.6 HIGH
CVE-2018-25360 — AgataSoft Auto PingMaster 1.5 Buffer Overflow SEH

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured ex…

| Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.6 HIGH
CVE-2018-25359 — Splinterware System Scheduler Pro 5.12 Privilege Escalation

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can …

| Misconfiguration
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9461 — Edimax EW-7438RPn formRadius stack-based overflow

A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected is the function formRadius of the file /goform/formRadius. The manipulation of the argument submit-url leads to stack-ba…

ew-7438rpn | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9460 — Edimax EW-7438RPn formAccept stack-based overflow

A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-ba…

ew-7438rpn | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9459 — Edimax EW-7438RPn formConnectionSetting stack-based overflow

A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the function formConnectionSetting of the file /goform/formConnectionSetting. Performing a manipulation of the argument max…

ew-7438rpn | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
10.0 HIGH
CVE-2026-9458 — Totolink A8000RU Web Management cstecgi.cgi setWanCfg os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such…

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
10.0 HIGH
CVE-2026-9457 — Totolink A8000RU Web Management cstecgi.cgi UploadFirmwareFile os command injection

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interf…

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.3 CRITICAL
CVE-2026-9058 — Improper Certificate Verification in Szafir SDK

Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") …

Remote | Cryptography
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
10.0 HIGH
CVE-2026-9456 — Totolink A8000RU Web Management cstecgi.cgi setOpenVpnCfg os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation …

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
10.0 HIGH
CVE-2026-9455 — Totolink A8000RU Web Management cstecgi.cgi UploadOpenVpnCert os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. T…

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
Showing 20 of 6690 Results