Total CVEs

145,906

Critical Severity

4,292

High Severity

15,777

Last 7 Days

2,236
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,541 - 23,560 of 42,311 CVEs
CVE-2026-40386 MEDIUM - 4.0

In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.

Vendor: libexif project
Product: libexif
Published: Apr 12, 2026
Source: NVD
CVE-2026-40385 MEDIUM - 4.0

In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.

Vendor: libexif project
Product: libexif
Published: Apr 12, 2026
Source: NVD
CVE-2019-25713 HIGH - 7.1

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

Vendor: MyT
Product: Project Management
Published: Apr 12, 2026
Source: NVD
CVE-2019-25712 MEDIUM - 6.2

BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trigger a denial of service by entering a 256-byte buffer of repeated characters in the Key registration...

Vendor: NSauditor
Product: BlueAuditor
Published: Apr 12, 2026
Source: NVD
CVE-2019-25711 MEDIUM - 6.2

SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. Attackers can generate a 256-byte payload, paste it into the Name input field, and trigger a crash wh...

Vendor: NSauditor
Product: SpotFTP Password Recover
Published: Apr 12, 2026
Source: NVD
CVE-2019-25710 HIGH - 8.2

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-...

Vendor: Dolibarr
Product: Dolibarr ERP-CRM
Published: Apr 12, 2026
Source: NVD
CVE-2019-25709 CRITICAL - 9.8

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via the ...

Vendor: Davidtavarez
Product: CF Image Hosting Script
Published: Apr 12, 2026
Source: NVD
CVE-2019-25708 MEDIUM - 4.3

Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters usnm,...

Vendor: Heatmiser
Product: Heatmiser Wifi Thermostat
Published: Apr 12, 2026
Source: NVD
CVE-2019-25707 HIGH - 7.1

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extr...

Vendor: Ebrigade
Product: eBrigade ERP
Published: Apr 12, 2026
Source: NVD
CVE-2019-25706 HIGH - 7.5

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backu...

Vendor: Across
Product: DR-810
Published: Apr 12, 2026
Source: NVD
CVE-2019-25705 HIGH - 8.4

Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text file with a crafted payload exceeding buffer boundaries and ...

Vendor: Sourceforge
Product: Echo Mirage
Published: Apr 12, 2026
Source: NVD
CVE-2019-25703 HIGH - 7.1

ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values c...

Vendor: Impresscms
Product: ImpressCMS
Published: Apr 12, 2026
Source: NVD
CVE-2019-25701 HIGH - 8.4

Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger SEH overwrite and ex...

Vendor: Divxtodvd
Product: Easy Video to iPod Converter
Published: Apr 12, 2026
Source: NVD
CVE-2019-25699 HIGH - 7.1

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search paramet...

Vendor: Newsbull
Product: Newsbull Haber Script
Published: Apr 12, 2026
Source: NVD
CVE-2019-25697 HIGH - 8.2

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to category.php with malicious cat_id values to extract sensitive database information includin...

Vendor: VictorAlagwu
Product: CMSsite
Published: Apr 12, 2026
Source: NVD
CVE-2019-25695 HIGH - 8.4

R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload...

Vendor: r-project
Product: R
Published: Apr 12, 2026
Source: NVD
CVE-2019-25693 HIGH - 7.1

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extr...

Vendor: Resourcespace
Product: ResourceSpace
Published: Apr 12, 2026
Source: NVD
CVE-2019-25691 HIGH - 8.4

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field to t...

Vendor: Faleemi
Product: Faleemi Desktop Software
Published: Apr 12, 2026
Source: NVD
CVE-2019-25689 HIGH - 8.4

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigger c...

Vendor: Html5Videoplayer
Product: HTML5 Video Player
Published: Apr 12, 2026
Source: NVD
CVE-2018-25258 HIGH - 8.4

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer...

Vendor: R-Project
Product: RGui
Published: Apr 12, 2026
Source: NVD