Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 14253, Critical: 958, High: 4178, Medium: 4523
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2019-25654 | HIGH | 7.5 | Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User … | Mar 30, 2026 |
| CVE-2019-25653 | MEDIUM | 6.2 | Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in … | Mar 30, 2026 |
| CVE-2018-25235 | MEDIUM | 6.2 | NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application … | Mar 30, 2026 |
| CVE-2018-25234 | MEDIUM | 6.2 | SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the … | Mar 30, 2026 |
| CVE-2018-25233 | MEDIUM | 6.2 | WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username … | Mar 30, 2026 |
| CVE-2018-25232 | MEDIUM | 5.5 | Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to … | Mar 30, 2026 |
| CVE-2018-25231 | MEDIUM | 6.2 | HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the … | Mar 30, 2026 |
| CVE-2018-25230 | MEDIUM | 5.5 | Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the … | Mar 30, 2026 |
| CVE-2018-25229 | MEDIUM | 5.5 | BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying … | Mar 30, 2026 |
| CVE-2018-25228 | MEDIUM | 6.2 | NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can … | Mar 30, 2026 |
| CVE-2018-25227 | MEDIUM | 6.2 | Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the … | Mar 30, 2026 |
| CVE-2018-25226 | MEDIUM | 6.2 | FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account … | Mar 30, 2026 |
| CVE-2026-1612 | UNKNOWN | — | AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give … | Mar 30, 2026 |
| CVE-2026-5128 | CRITICAL | 10.0 | A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An unauthenticated attacker can send a request to the /users API endpoint to retrieve highly … | Mar 30, 2026 |
| CVE-2026-5121 | UNKNOWN | — | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can … | Mar 30, 2026 |
| CVE-2026-4416 | HIGH | 7.8 | The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune … | Mar 30, 2026 |
| CVE-2026-4415 | HIGH | 8.1 | Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files … | Mar 30, 2026 |
| CVE-2026-3945 | HIGH | 7.5 | An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to … | Mar 30, 2026 |
| CVE-2026-2328 | HIGH | 7.5 | An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive … | Mar 30, 2026 |
| CVE-2026-25704 | UNKNOWN | — | A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped … | Mar 30, 2026 |
| CVE-2025-3716 | UNKNOWN | — | User enumeration in ESET Protect (on-prem) via Response Timing. | Mar 30, 2026 |
| CVE-2025-15379 | CRITICAL | 10.0 | A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads … | Mar 30, 2026 |
| CVE-2026-5119 | MEDIUM | 5.9 | A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial … | Mar 30, 2026 |
| CVE-2026-5107 | MEDIUM | 4.2 | A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 … | Mar 30, 2026 |
| CVE-2026-5106 | LOW | 2.4 | A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_fst.php. Executing a manipulation … | Mar 30, 2026 |