Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.9 MEDIUM
CVE-2019-25588 — BulletProof FTP Server 2019.0.0.50 Denial of Service via DNS Address

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. At…

| Denial of Service
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.9 MEDIUM
CVE-2019-25587 — BulletProof FTP Server 2019.0.0.50 Storage-Path Denial of Service

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessiv…

| Denial of Service
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.9 MEDIUM
CVE-2019-25586 — Deluge 1.3.15 Denial of Service via URL Field

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of…

deluge | Denial of Service
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.9 MEDIUM
CVE-2019-25585 — Deluge 1.3.15 Denial of Service via Webseeds Field

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buff…

deluge | Denial of Service
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.9 MEDIUM
CVE-2019-25584 — RarmaRadio 2.72.3 Server Field Buffer Overflow Denial of Service

RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. At…

| Memory Corruption
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.9 MEDIUM
CVE-2019-25583 — RarmaRadio 2.72.3 Username Field Denial of Service

RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buf…

| Denial of Service
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
5.3 MEDIUM
CVE-2026-4530 — apconw Aix-DB terminology_retriever.py sql injection

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument D…

| Injection
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
9.0 HIGH
CVE-2026-4529 — D-Link DHP-1320 SOAP redirect_count_down_page stack-based overflow

A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. …

Remote | Memory Corruption
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
8.1 HIGH
CVE-2026-3629 — Import and export users and customers <= 1.29.7 - Privilege Escalation to Administrator v…

The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.29.7. This is due to the 'save_extra_user_profile_fields' …

import_and_export_users_and_customers | Remote | Authorization
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
7.5 HIGH
CVE-2026-4528 — trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side req…

A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component…

Remote | Server-Side Request Forgery
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
5.0 MEDIUM
CVE-2026-2756 — OmniPEMF NeoRhythm BLE missing authentication

A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unknown function of the component BLE Interface. Such manipulation leads to missing authentication. Th…

| Authentication
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
7.1 HIGH
CVE-2019-25582 — i-doit CMDB 1.12 Arbitrary File Download via file_manager Parameter

i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send …

Remote | Path Traversal
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
8.8 HIGH
CVE-2019-25581 — i-doit CMDB 1.12 SQL Injection via objGroupID Parameter

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers…

Remote | Injection
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
8.8 HIGH
CVE-2019-25580 — ownDMS 4.7 SQL Injection via pdfstream.php imagestream.php

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET…

Remote | Injection
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
8.7 HIGH
CVE-2019-25579 — phpTransformer 2016.9 Directory Traversal via jQueryFileUpload

phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Attackers can send requests to t…

Remote | Path Traversal
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
8.8 HIGH
CVE-2019-25578 — phpTransformer 2016.9 SQL Injection via GeneratePDF.php

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can sen…

Remote | Injection
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
6.8 MEDIUM
CVE-2019-25577 — SeoToaster Ecommerce 3.0.0 Local File Inclusion via backend_theme

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attack…

seotoaster | Path Traversal
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
8.8 HIGH
CVE-2019-25576 — Kepler Wallpaper Script 1.1 SQL Injection via category

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Att…

Remote | Injection
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
8.8 HIGH
CVE-2019-25575 — SimplePress CMS 1.0.7 SQL Injection via p and s Parameters

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. At…

Remote | Injection
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
7.1 HIGH
CVE-2019-25574 — Green CMS 2.x Path Traversal Arbitrary File Download

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipul…

Remote | Path Traversal
Mar 21, 2026 Mar 21, 2026
Mar 21, 2026
Mar 21, 2026
Showing 20 of 5500 Results