Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12557 | Critical: 848 | High: 3598 | Medium: 3936
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2019-25687 | CRITICAL | 9.8 | Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval … | Apr 05, 2026 |
| CVE-2019-25686 | HIGH | 7.5 | Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending … | Apr 05, 2026 |
| CVE-2019-25685 | HIGH | 8.8 | phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers … | Apr 05, 2026 |
| CVE-2019-25684 | HIGH | 8.2 | OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can … | Apr 05, 2026 |
| CVE-2019-25683 | MEDIUM | 6.2 | FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed … | Apr 05, 2026 |
| CVE-2019-25682 | MEDIUM | 4.3 | CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated … | Apr 05, 2026 |
| CVE-2019-25681 | HIGH | 8.4 | Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by … | Apr 05, 2026 |
| CVE-2019-25680 | HIGH | 8.2 | Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through … | Apr 05, 2026 |
| CVE-2019-25679 | HIGH | 7.8 | RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary … | Apr 05, 2026 |
| CVE-2019-25678 | HIGH | 8.2 | C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through … | Apr 05, 2026 |
| CVE-2019-25677 | MEDIUM | 6.2 | WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the … | Apr 05, 2026 |
| CVE-2019-25676 | HIGH | 8.2 | Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can … | Apr 05, 2026 |
| CVE-2019-25675 | HIGH | 8.2 | eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers … | Apr 05, 2026 |
| CVE-2019-25674 | HIGH | 8.2 | CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can … | Apr 05, 2026 |
| CVE-2019-25673 | HIGH | 8.8 | UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form … | Apr 05, 2026 |
| CVE-2019-25672 | HIGH | 8.2 | PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can … | Apr 05, 2026 |
| CVE-2019-25671 | HIGH | 8.8 | VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. … | Apr 05, 2026 |
| CVE-2019-25670 | HIGH | 8.4 | River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious … | Apr 05, 2026 |
| CVE-2019-25669 | HIGH | 8.2 | qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the search_by_extrafields[] parameter. Attackers can send … | Apr 05, 2026 |
| CVE-2019-25668 | HIGH | 8.2 | News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID … | Apr 05, 2026 |
| CVE-2019-25667 | MEDIUM | 6.2 | TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste … | Apr 05, 2026 |
| CVE-2019-25666 | MEDIUM | 6.2 | SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an … | Apr 05, 2026 |
| CVE-2019-25665 | MEDIUM | 6.2 | River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. … | Apr 05, 2026 |
| CVE-2019-25664 | HIGH | 7.1 | SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database … | Apr 05, 2026 |
| CVE-2019-25663 | HIGH | 7.1 | SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can … | Apr 05, 2026 |