Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-6431

    When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in externa... Read more

    Affected Products : android firefox
    • Published: Jun. 24, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-6430

    When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This ... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-6429

    Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vuln... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-6428

    When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* ... Read more

    Affected Products : android firefox
    • Published: Jun. 24, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.1

    CRITICAL
    CVE-2025-6427

    An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < ... Read more

    Affected Products : firefox thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-6426

    The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunde... Read more

    Affected Products : firefox firefox_esr thunderbird macos
    • Published: Jun. 24, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-6425

    An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < ... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-6424

    A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-39205

    A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Cryptography

  • 8.5

    HIGH
    CVE-2025-39204

    A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user.... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Information Disclosure

  • 8.3

    HIGH
    CVE-2025-39203

    A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Denial of Service

  • 8.3

    HIGH
    CVE-2025-39202

    A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption.... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-39201

    A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-2403

    A denial-of-service vulnerability due to improper prioritization of network traffic over protection mechanism exists in Relion 670/650 and SAM600-IO series device that if exploited could potentially cause critical functions like LDCM (Line Distance Commun... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-1718

    An authenticated user with file access privilege via FTP access can cause the Relion 670/650 and SAM600-IO series device to reboot due to improper disk space management.... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-6206

    The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_image_editor_ajax_submit' function in all ve... Read more

    Affected Products : aiomatic
    • Published: Jun. 24, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-3092

    An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-3091

    An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-5258

    The Conference Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for aut... Read more

    Affected Products : conference_scheduler
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-50213

    Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters we... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
Showing 20 of 293353 Results