Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-0244

    When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 134.... Read more

    Affected Products : firefox
    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-0243

    Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary c... Read more

    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-0242

    Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these coul... Read more

    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.7

    HIGH
    CVE-2025-0241

    When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.... Read more

    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2025-0240

    Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.... Read more

    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2025-0239

    When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.... Read more

    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-0238

    Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunder... Read more

    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-0237

    The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox ... Read more

    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2024-56056

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kmfoysal06 SimpleCharm allows Reflected XSS.This issue affects SimpleCharm: from n/a through 1.4.3.... Read more

    Affected Products : simplecharm
    • Published: Jan. 07, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-55556

    A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted ses... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-55008

    JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 inc... Read more

    Affected Products : jatos
    • Published: Jan. 07, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2024-53800

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rezgo Rezgo allows PHP Local File Inclusion.This issue affects Rezgo: from n/a through 4.15.... Read more

    Affected Products : rezgo_online_booking
    • Published: Jan. 07, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2024-53345

    An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2024-52813

    matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverifie... Read more

    Affected Products : matrix-rust-sdk
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2024-48245

    Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action N... Read more

    Affected Products : vehicle_management_system
    • Published: Jan. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-46603

    An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (DoS) via a crafted XML payload.... Read more

    Affected Products : g5dfr_firmware g5dfr
    • Published: Jan. 07, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: XML External Entity

  • 7.5

    HIGH
    CVE-2024-46602

    An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload.... Read more

    Affected Products : g5dfr_firmware g5dfr
    • Published: Jan. 07, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: XML External Entity

  • 7.5

    HIGH
    CVE-2024-46601

    Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow.... Read more

    Affected Products : g5dfr_firmware g5dfr
    • Published: Jan. 07, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-46242

    An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2024-40702

    IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.... Read more

    Affected Products : windows cognos_controller controller
    • Published: Jan. 07, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
Showing 20 of 293508 Results