Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.1 CRITICAL
CVE-2026-33475 — Langflow GitHub Actions Shell Injection

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repo…

Remote | Injection
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
9.9 CRITICAL
CVE-2026-33309 — Langflow has an Arbitrary File Write (RCE) via v2 API

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to t…

langflow | Remote | Path Traversal
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
7.3 HIGH
CVE-2025-64998 — Session hijacking via exposed session signing secret in distributed Checkmk setups

Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging sessio…

Remote | Authentication
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
8.8 HIGH
CVE-2019-25647 — PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager

PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension cont…

Remote | Injection
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
9.8 CRITICAL
CVE-2019-25646 — Tabs Mail Carrier 2.5.1 Buffer Overflow via MAIL FROM

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attacke…

Remote | Memory Corruption
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
6.9 MEDIUM
CVE-2019-25645 — WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a speci…

| Denial of Service
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
6.9 MEDIUM
CVE-2019-25644 — WinMPG Video Convert 9.3.5 Buffer Overflow Local Denial of Service

WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Att…

| Denial of Service
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
8.8 HIGH
CVE-2019-25643 — eNdonesia Portal v8.7 SQL Injection via banners.php

eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Atta…

Remote | Injection
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
8.8 HIGH
CVE-2019-25642 — Bootstrapy CMS Lastest Multiple SQL Injection via Forum and Contact Modules

Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can…

Remote | Injection
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
8.8 HIGH
CVE-2019-25641 — Netartmedia Vlog System Lastest SQL Injection via email Parameter

Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can s…

Remote | Injection
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
8.8 HIGH
CVE-2019-25640 — Inout Article Base CMS Lastest SQL Injection via portalLogin.php

Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code usi…

Remote | Injection
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
8.8 HIGH
CVE-2019-25639 — Matrimony Website Script M-Plus Multiple SQL Injection

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST paramete…

Remote | Injection
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
7.1 HIGH
CVE-2019-25638 — Meeplace Business Review Script Lastest SQL Injection via addclick.php

Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. …

Remote | Injection
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
8.6 HIGH
CVE-2019-25637 — X-NetStat Pro 5.63 Local Buffer Overflow via EggHunter

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers c…

| Memory Corruption
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
8.8 HIGH
CVE-2019-25636 — Zeeways Jobsite CMS Lastest SQL Injection via id Parameter

Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can se…

Remote | Injection
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
8.8 HIGH
CVE-2019-25635 — Zeeways Matrimony CMS Lastest SQL Injection via profile_list

Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL c…

Remote | Injection
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
8.6 HIGH
CVE-2019-25634 — Base64 Decoder 1.1.2 Local Buffer Overflow SEH Egghunter

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers…

| Memory Corruption
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
8.6 HIGH
CVE-2019-25633 — AIDA64 Extreme 5.99.4900 SEH Buffer Overflow via EggHunter

AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email pr…

| Memory Corruption
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
6.9 MEDIUM
CVE-2019-25632 — phpFileManager 1.7.8 Local File Inclusion via index.php

phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fm_current_dir, and filename parameters. A…

| Path Traversal
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
8.6 HIGH
CVE-2019-25631 — AIDA64 Business 5.99.4900 SEH Buffer Overflow via EggHunter

AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shell…

| Memory Corruption
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Showing 20 of 5418 Results