Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-6433

    If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure tr... Read more

    Affected Products : firefox thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-6432

    When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140.... Read more

    Affected Products : firefox thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-6430

    When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `&lt;embed&gt;` or `&lt;object&gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This ... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-6429

    Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vuln... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-6427

    An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < ... Read more

    Affected Products : firefox thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-6426

    The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunde... Read more

    Affected Products : firefox firefox_esr thunderbird macos
    • Published: Jun. 24, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-2285

    A local code execution vulnerability exists in the Rockwell Automation Arena®  due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary co... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2025-2287

    A local code execution vulnerability exists in the Rockwell Automation Arena®  due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary co... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-2288

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat acto... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-2286

    A local code execution vulnerability exists in the Rockwell Automation Arena®  due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary co... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-2293

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat acto... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-2829

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat acto... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-3286

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor ... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-3285

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor ... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-3287

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute ar... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-3288

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor ... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-3289

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute ar... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-28766

    IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system.... Read more

    • Published: Jan. 27, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-28770

    IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or... Read more

    • Published: Jan. 27, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-28771

    IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or... Read more

    • Published: Jan. 27, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291672 Results