Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2025-5272

    Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox... Read more

    Affected Products : firefox thunderbird
    • Published: May. 27, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-5271

    Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox < 139 and Thunderbird < 139.... Read more

    Affected Products : firefox thunderbird
    • Published: May. 27, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-5270

    In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability affects Firefox < 139 and Thunderbird < 139.... Read more

    Affected Products : firefox thunderbird
    • Published: May. 27, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-5269

    Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 12... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: May. 27, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-5267

    A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: May. 27, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-5266

    Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: May. 27, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-5265

    Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Ot... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: May. 27, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-5264

    Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 139, Firefo... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: May. 27, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-5263

    Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 1... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: May. 27, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2024-33752

    An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code.... Read more

    Affected Products : emlog
    • Published: May. 06, 2024
    • Modified: Jun. 11, 2025

  • 5.3

    MEDIUM
    CVE-2024-33117

    crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController.... Read more

    Affected Products : crmeb_java
    • Published: May. 06, 2024
    • Modified: Jun. 11, 2025

  • 6.2

    MEDIUM
    CVE-2022-43855

    IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service.... Read more

    Affected Products : spss_statistics
    • Published: Mar. 08, 2024
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2024-3931

    A vulnerability was found in Totara LMS up to 18.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/roles/check.php of the component User Selector. The manipulation of the argument ID Number leads t... Read more

    Affected Products : totara
    • Published: Apr. 18, 2024
    • Modified: Jun. 10, 2025

  • 8.8

    HIGH
    CVE-2025-23102

    An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380, 1480 and 2400. A Double Free in the mobile processor leads to privilege escalation.... Read more

    • Published: Jun. 03, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-33118

    LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController.... Read more

    Affected Products : luckyframeweb
    • Published: May. 06, 2024
    • Modified: Jun. 10, 2025

  • 7.1

    HIGH
    CVE-2024-28725

    Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings.... Read more

    Affected Products : yzmcms
    • Published: May. 06, 2024
    • Modified: Jun. 10, 2025

  • 6.1

    MEDIUM
    CVE-2025-45755

    A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When th... Read more

    Affected Products : vtiger_crm
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-44040

    An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via the UserService.php and the checkFOrOldHash function... Read more

    Affected Products : orangehrm
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-45753

    A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature.... Read more

    Affected Products : vtiger_crm
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-5053

    A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component MDIR Command Handler. The manipulation leads to buffer overflow. The attack may be launche... Read more

    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293289 Results