Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-22294

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravity Master Custom Field For WP Job Manager allows Reflected XSS.This issue affects Custom Field For WP Job Manager: from n/a through 1.3.... Read more

    Affected Products : custom_field_for_wp_job_manager
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-21624

    ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper ch... Read more

    Affected Products : clipbucket
    • Published: Jan. 07, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-21623

    ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service.... Read more

    Affected Products : clipbucket
    • Published: Jan. 07, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-21622

    ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks for the avatar_url as a filepath within the avatars subd... Read more

    Affected Products : clipbucket
    • Published: Jan. 07, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-0298

    A vulnerability was found in code-projects Online Book Shop 1.0. It has been rated as critical. This issue affects some unknown processing of the file /process_login.php. The manipulation of the argument usernm leads to sql injection. The attack may be in... Read more

    Affected Products : online_book_shop online_book_shop
    • Published: Jan. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-0297

    A vulnerability was found in code-projects Online Book Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated rem... Read more

    Affected Products : online_book_shop online_book_shop
    • Published: Jan. 07, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0247

    Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox... Read more

    Affected Products : firefox thunderbird
    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-0246

    When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerabil... Read more

    Affected Products : android firefox
    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025

  • 3.3

    LOW
    CVE-2025-0245

    Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134.... Read more

    Affected Products : firefox
    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-0244

    When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 134.... Read more

    Affected Products : firefox
    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-0243

    Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary c... Read more

    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-0242

    Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these coul... Read more

    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.7

    HIGH
    CVE-2025-0241

    When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.... Read more

    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2025-0240

    Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.... Read more

    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2025-0239

    When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.... Read more

    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-0238

    Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunder... Read more

    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-0237

    The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox ... Read more

    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2024-56056

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kmfoysal06 SimpleCharm allows Reflected XSS.This issue affects SimpleCharm: from n/a through 1.4.3.... Read more

    Affected Products : simplecharm
    • Published: Jan. 07, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-55556

    A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted ses... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-55008

    JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 inc... Read more

    Affected Products : jatos
    • Published: Jan. 07, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Denial of Service
Showing 20 of 293517 Results