Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-8044

    Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...

    Affected Products : firefox thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-8043

    Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141....

    Affected Products : firefox thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025
  • 8.8

    HIGH
    CVE-2025-8040

    Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrar...

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption
  • 8.1

    HIGH
    CVE-2025-8039

    In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1....

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025
  • 9.8

    CRITICAL
    CVE-2025-8038

    Firefox ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1....

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 30, 2025
  • 9.1

    CRITICAL
    CVE-2025-8037

    Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunde...

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Misconfiguration
  • 8.1

    HIGH
    CVE-2025-8036

    Firefox cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1....

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration
  • 8.8

    HIGH
    CVE-2025-8035

    Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of the...

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-8034

    Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enoug...

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-8033

    The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, T...

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption
  • 8.1

    HIGH
    CVE-2025-8032

    XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1....

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2025-8031

    The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird...

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Information Disclosure
  • 8.1

    HIGH
    CVE-2025-8030

    Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and...

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.1

    HIGH
    CVE-2025-8029

    Firefox executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1....

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 30, 2025
  • 9.8

    CRITICAL
    CVE-2025-8028

    On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Fi...

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2025-8027

    On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, ...

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption
  • 8.7

    HIGH
    CVE-2025-7724

    An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2. This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2: before 1.3.1 Build 250407....

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Injection
  • 8.5

    HIGH
    CVE-2025-7723

    A command injection vulnerability exists that can be exploited after authentication in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2. This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2: before 1.3.1 Build 250407....

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2025-51462

    Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised and rendered using a...

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.0

    MEDIUM
    CVE-2025-51475

    Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of...

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Path Traversal