Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-30354

    Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the particular case w... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-30224

    MyDumper is a MySQL Logical Backup Tool. The MySQL C client library (libmysqlclient) allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information ... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-30210

    Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content (in this case the Environment name) as raw HTML which then gets injected into DOM on ho... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-28398

    D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: Apr. 01, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-28395

    D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: Apr. 01, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-3035

    By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137.... Read more

    Affected Products : firefox
    • Published: Apr. 01, 2025
    • Modified: Apr. 15, 2025

  • 8.1

    HIGH
    CVE-2025-3034

    Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox... Read more

    Affected Products : firefox thunderbird
    • Published: Apr. 01, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.7

    HIGH
    CVE-2025-3033

    After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 137 and Thunder... Read more

    Affected Products : firefox thunderbird
    • Published: Apr. 01, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Misconfiguration

  • 7.4

    HIGH
    CVE-2025-3032

    Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.... Read more

    Affected Products : firefox thunderbird
    • Published: Apr. 01, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-3031

    An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137.... Read more

    Affected Products : firefox thunderbird
    • Published: Apr. 01, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-3030

    Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary c... Read more

    • Published: Apr. 01, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-3029

    A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.... Read more

    • Published: Apr. 01, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-3028

    JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.... Read more

    • Published: Apr. 01, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-31408

    Missing Authorization vulnerability in Zoho Flow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho Flow: from n/a through 2.13.3.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-22231

    VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.... Read more

    Affected Products : aria_operations
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-1660

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more

    • Published: Apr. 01, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1659

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of t... Read more

    • Published: Apr. 01, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1658

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of t... Read more

    • Published: Apr. 01, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-3085

    A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not ... Read more

    Affected Products : mongodb
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-3084

    When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Ser... Read more

    Affected Products : mongodb
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service
Showing 20 of 293338 Results