Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.8 MEDIUM
CVE-2019-25554 — Tomabo MP4 Converter 3.25.22 Denial of Service via Name Field

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can t…

easy_video_to_mp4_converter | Denial of Service
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
6.9 MEDIUM
CVE-2019-25553 — CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image

CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed…

| Denial of Service
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
8.7 HIGH
CVE-2019-25552 — CEWE PHOTO SHOW 6.4.3 Denial of Service via Password Field

CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a l…

Remote | Denial of Service
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
6.9 MEDIUM
CVE-2019-25551 — Sandboxie 5.30 Denial of Service via Program Alerts Buffer Overflow

Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attac…

sandboxie | Denial of Service
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
6.9 MEDIUM
CVE-2019-25550 — Encrypt PDF 2.3 Denial of Service via Buffer Overflow

Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-by…

verypdf | Memory Corruption
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
6.9 MEDIUM
CVE-2019-25549 — VeryPDF PCL Converter 2.7 Denial of Service via PDF Security

VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger a buf…

verypdf | Denial of Service
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
6.9 MEDIUM
CVE-2019-25548 — BlueStacks 4.80.0.1060 Denial of Service via Search Field

BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer …

bluestacks | Denial of Service
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
6.9 MEDIUM
CVE-2019-25547 — NetAware 1.20 Denial of Service via Add Block Buffer Overflow

NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Attackers can paste a malicious …

| Memory Corruption
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
6.9 MEDIUM
CVE-2019-25546 — NetAware 1.20 Share Name Denial of Service

NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a de…

| Memory Corruption
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
6.9 MEDIUM
CVE-2019-25545 — Terminal Services Manager 3.2.1 Local Buffer Overflow Denial of Service

Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Attac…

| Denial of Service
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
6.9 MEDIUM
CVE-2019-25544 — Pidgin 2.13.0 Denial of Service via Malformed Username

Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can i…

pidgin | Denial of Service
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
6.5 MEDIUM
CVE-2026-4515 — Foundation Agents MetaGPT operator.py code_generate code injection

A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code inje…

metagpt | Remote | Injection
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
6.5 MEDIUM
CVE-2026-4514 — PbootCMS Backend UserController.php access control

A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a …

pbootcms | Remote | Authorization
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
6.5 MEDIUM
CVE-2026-4513 — vanna-ai vanna base.py ask sql injection

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injectio…

Remote | Injection
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
6.5 MEDIUM
CVE-2026-4511 — vanna-ai vanna legacy exec injection

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed…

Remote | Injection
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
5.3 MEDIUM
CVE-2026-4510 — PbootCMS Parameter MemberController.php alert_location cross site scripting

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipu…

pbootcms | Remote | Cross-Site Scripting
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
7.5 HIGH
CVE-2026-4373 — JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'Uploaded_File::set_from_array' metho…

Remote | Path Traversal
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
6.5 MEDIUM
CVE-2026-4509 — PbootCMS File Upload file.php incomplete blacklist

A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black …

pbootcms | Remote | Path Traversal
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
8.8 HIGH
CVE-2026-4261 — Expire Users <= 1.2.2 - Authenticated (Subscriber+) Privilege Escalation to Administrator…

The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'on_expire_default_to_…

Remote | Authorization
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
4.4 MEDIUM
CVE-2026-4161 — Review Map by RevuKangaroo <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scri…

The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.7 due to insufficient input sanitizati…

Remote | Cross-Site Scripting
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
Showing 20 of 5466 Results