Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13055
Total
867
Critical
3775
High
4128
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40393 | HIGH | 8.1 | In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted … | Apr 12, 2026 |
| CVE-2026-40386 | MEDIUM | 4.0 | In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak … | Apr 12, 2026 |
| CVE-2026-40385 | MEDIUM | 4.0 | In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. … | Apr 12, 2026 |
| CVE-2019-25713 | HIGH | 7.1 | MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers … | Apr 12, 2026 |
| CVE-2019-25712 | MEDIUM | 6.2 | BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key … | Apr 12, 2026 |
| CVE-2019-25711 | MEDIUM | 6.2 | SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the … | Apr 12, 2026 |
| CVE-2019-25710 | HIGH | 8.2 | Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. … | Apr 12, 2026 |
| CVE-2019-25709 | CRITICAL | 9.8 | CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers … | Apr 12, 2026 |
| CVE-2019-25708 | MEDIUM | 4.3 | Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. … | Apr 12, 2026 |
| CVE-2019-25707 | HIGH | 7.1 | eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. … | Apr 12, 2026 |
| CVE-2019-25706 | HIGH | 7.5 | Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple … | Apr 12, 2026 |
| CVE-2019-25705 | HIGH | 8.4 | Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized … | Apr 12, 2026 |
| CVE-2019-25703 | HIGH | 7.1 | ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. … | Apr 12, 2026 |
| CVE-2019-25701 | HIGH | 8.4 | Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured … | Apr 12, 2026 |
| CVE-2019-25699 | HIGH | 7.1 | Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and … | Apr 12, 2026 |
| CVE-2019-25697 | HIGH | 8.2 | CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can … | Apr 12, 2026 |
| CVE-2019-25695 | HIGH | 8.4 | R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. … | Apr 12, 2026 |
| CVE-2019-25693 | HIGH | 7.1 | ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in … | Apr 12, 2026 |
| CVE-2019-25691 | HIGH | 8.4 | Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception … | Apr 12, 2026 |
| CVE-2019-25689 | HIGH | 8.4 | HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers … | Apr 12, 2026 |
| CVE-2018-25258 | HIGH | 8.4 | RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. … | Apr 12, 2026 |
| CVE-2018-25257 | HIGH | 7.1 | Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name … | Apr 12, 2026 |
| CVE-2017-20239 | MEDIUM | 6.1 | MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can … | Apr 12, 2026 |
| CVE-2026-6126 | HIGH | 7.3 | A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation … | Apr 12, 2026 |
| CVE-2026-6125 | MEDIUM | 6.3 | A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow … | Apr 12, 2026 |