Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.4 HIGH
CVE-2018-25283 — iSmartViewPro 1.5 Buffer Overflow via SavePath Parameter

iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary c…

| Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.2 MEDIUM
CVE-2018-25282 — Nmap 7.70 Denial of Service via XML Entity Expansion

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a c…

| XML External Entity
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
5.5 MEDIUM
CVE-2018-25281 — iCash 7.6.5 Denial of Service via Connect to Server

iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a…

| Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
5.5 MEDIUM
CVE-2018-25280 — Infiltrator Network Security Scanner 4.6 Denial of Service

Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a 60…

| Denial of Service
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.2 MEDIUM
CVE-2018-25279 — jiNa OCR Image to Text 1.0 Denial of Service via PNG

jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted…

| Denial of Service
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.2 MEDIUM
CVE-2018-25278 — PicaJet FX 2.6.5 Denial of Service via Registration Fields

PicaJet FX 2.6.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte …

| Denial of Service
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.2 MEDIUM
CVE-2018-25277 — PixGPS 1.1.8 Buffer Overflow Denial of Service

PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a paylo…

| Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
5.5 MEDIUM
CVE-2018-25276 — RoboImport 1.2.0.72 Denial of Service via Registration Fields

RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-by…

| Denial of Service
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.2 MEDIUM
CVE-2018-25275 — Faleemi Plus 1.0.2 Denial of Service via Buffer Overflow

Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the…

| Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.2 MEDIUM
CVE-2018-25274 — InfraRecorder 0.53 Denial of Service via txt File Import

InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file conta…

| Denial of Service
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.2 MEDIUM
CVE-2018-25273 — CrossFont 7.5 Denial of Service via License Key Field

CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malic…

| Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.2 MEDIUM
CVE-2018-25264 — TransMac 12.2 Denial of Service via License Key Field

TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a …

| Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
8.4 HIGH
CVE-2018-25263 — Faleemi Desktop Software 1.8.2 Local Buffer Overflow SEH

Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attacker…

| Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.3 MEDIUM
CVE-2026-7041 — 666ghj MiroFish Werkzeug Debugger PIN console information disclosure

A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation…

Remote | Information Disclosure
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
8.5 HIGH
CVE-2026-7039 — tufantunc ssh-mcp index.ts shell.write command injection

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description l…

| Injection
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
0.0 NA
CVE-2026-7043 — GreenCMS index.php pluginAddLocal unrestricted upload

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The …

| Misconfiguration
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
0.0 NA
CVE-2026-7042 — 666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication

A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to…

| Authentication
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
3.3 LOW
CVE-2026-7038 — tufantunc ssh-mcp Command Line index.ts insufficiently protected credentials

A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficientl…

| Information Disclosure
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
10.0 HIGH
CVE-2026-7037 — Totolink A8000RU CGI cstecgi.cgi setVpnPassCfg os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulat…

Remote | Injection
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
7.5 HIGH
CVE-2026-7036 — Tenda i9 HTTP R7WebsSecurityHandlerfunction path traversal

A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal…

Remote | Path Traversal
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
Showing 20 of 5697 Results