Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.9 MEDIUM
CVE-2018-25282 — Nmap 7.70 Denial of Service via XML Entity Expansion

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a c…

| XML External Entity
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.8 MEDIUM
CVE-2018-25281 — iCash 7.6.5 Denial of Service via Connect to Server

iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a…

| Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.8 MEDIUM
CVE-2018-25280 — Infiltrator Network Security Scanner 4.6 Denial of Service

Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a 60…

| Denial of Service
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.9 MEDIUM
CVE-2018-25279 — jiNa OCR Image to Text 1.0 Denial of Service via PNG

jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted…

| Denial of Service
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.9 MEDIUM
CVE-2018-25278 — PicaJet FX 2.6.5 Denial of Service via Registration Fields

PicaJet FX 2.6.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte …

| Denial of Service
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.9 MEDIUM
CVE-2018-25277 — PixGPS 1.1.8 Buffer Overflow Denial of Service

PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a paylo…

| Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.8 MEDIUM
CVE-2018-25276 — RoboImport 1.2.0.72 Denial of Service via Registration Fields

RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-by…

| Denial of Service
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.9 MEDIUM
CVE-2018-25275 — Faleemi Plus 1.0.2 Denial of Service via Buffer Overflow

Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the…

| Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.9 MEDIUM
CVE-2018-25274 — InfraRecorder 0.53 Denial of Service via txt File Import

InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file conta…

| Denial of Service
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.9 MEDIUM
CVE-2018-25273 — CrossFont 7.5 Denial of Service via License Key Field

CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malic…

| Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.9 MEDIUM
CVE-2018-25264 — TransMac 12.2 Denial of Service via License Key Field

TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a …

transmac | Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
8.6 HIGH
CVE-2018-25263 — Faleemi Desktop Software 1.8.2 Local Buffer Overflow SEH

Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attacker…

| Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
8.1 HIGH
CVE-2026-6786 — Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and T…

Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…

firefox thunderbird | Remote | Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
8.1 HIGH
CVE-2026-6785 — Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.1…

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume tha…

firefox thunderbird | Remote | Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.3 MEDIUM
CVE-2026-7041 — 666ghj MiroFish Werkzeug Debugger PIN console information disclosure

A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation…

Remote | Information Disclosure
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
8.5 HIGH
CVE-2026-7039 — tufantunc ssh-mcp index.ts shell.write command injection

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description l…

| Injection
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
3.3 LOW
CVE-2026-7038 — tufantunc ssh-mcp Command Line index.ts insufficiently protected credentials

A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficientl…

| Information Disclosure
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
10.0 HIGH
CVE-2026-7037 — Totolink A8000RU CGI cstecgi.cgi setVpnPassCfg os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulat…

a8000ru_firmware | Remote | Injection
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
7.5 HIGH
CVE-2026-7036 — Tenda i9 HTTP R7WebsSecurityHandlerfunction path traversal

A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal…

i9_firmware | Remote | Path Traversal
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
9.0 HIGH
CVE-2026-7035 — Tenda FH1202 httpd WrlclientSet fromWrlclientSet stack-based overflow

A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument G…

fh1202_firmware | Remote | Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
Showing 20 of 5701 Results