Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-46338

    Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the `/api/upload` endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicio... Read more

    Affected Products : audiobookshelf
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-46343

    n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. Howe... Read more

    Affected Products : n8n
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-58099

    In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case of vmxnet3. If a BPF program for n... Read more

    Affected Products : linux_kernel
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-4060

    A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file /category.php. The manipulation of the argument catname leads to sql injection. The attack may ... Read more

    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-4061

    A vulnerability, which was classified as critical, was found in code-projects Clothing Store Management System up to 1.0. Affected is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. Attacking lo... Read more

    Affected Products : clothing_store_management_system
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-4062

    A vulnerability has been found in code-projects Theater Seat Booking System 1.0 and classified as critical. Affected by this vulnerability is the function cancel. The manipulation of the argument cancelcustomername leads to stack-based buffer overflow. It... Read more

    Affected Products : theater_seat_booking_system
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-4063

    A vulnerability was found in code-projects Student Information Management System 1.0 and classified as critical. Affected by this issue is the function cancel. The manipulation of the argument first_name/last_name leads to stack-based buffer overflow. The... Read more

    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-4064

    A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/viewenquiry.php. The manipulation leads to improper access controls. It is possible to initiate the... Read more

    Affected Products : online_traveling_system
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-4082

    Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are una... Read more

    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-4083

    A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulner... Read more

    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Misconfiguration

  • 5.7

    MEDIUM
    CVE-2025-4084

    Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Oth... Read more

    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-4085

    An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.... Read more

    Affected Products : firefox thunderbird
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-4086

    A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.* T... Read more

    Affected Products : firefox thunderbird
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025

  • 6.5

    MEDIUM
    CVE-2025-4087

    A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affe... Read more

    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-4088

    A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across ori... Read more

    Affected Products : firefox thunderbird
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.1

    MEDIUM
    CVE-2025-4089

    Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and Thunde... Read more

    Affected Products : firefox thunderbird
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-4090

    A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox < 138 and Thunderbird < 138.... Read more

    Affected Products : firefox thunderbird
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-4091

    Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary c... Read more

    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-4092

    Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox... Read more

    Affected Products : firefox thunderbird
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-4093

    Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.... Read more

    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291717 Results