Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-3523

    When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could tr... Read more

    Affected Products : thunderbird
    • Published: Apr. 15, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2025-3522

    Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the ... Read more

    Affected Products : thunderbird
    • Published: Apr. 15, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-32949

    This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when extracting a Zip Bomb. If user import is enabled (which is the default setting), any registered user can upload an archive for importin... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-32948

    The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Attackers can send ActivityPub activities to PeerTube's "inbox" endpoint. By abusing the "Create Acti... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-32947

    This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2025-2830

    By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to ... Read more

    Affected Products : thunderbird
    • Published: Apr. 15, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-29281

    In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them.... Read more

    Affected Products : perfreeblog
    • Published: Apr. 15, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-28145

    Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in /boafrm/formDiskFormat.... Read more

    Affected Products : br-6478ac_v3_firmware br-6478ac_v3
    • Published: Apr. 15, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-28144

    Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a stack overflow vlunerability via peerPin parameter in the formWsc function.... Read more

    • Published: Apr. 15, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-28143

    Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup.... Read more

    Affected Products : br-6478ac_v3_firmware br-6478ac_v3
    • Published: Apr. 15, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-28142

    Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare.... Read more

    Affected Products : br-6478ac_v3_firmware br-6478ac_v3
    • Published: Apr. 15, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-27980

    cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=.... Read more

    Affected Products : cashbook cashbook
    • Published: Apr. 15, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-29280

    Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system settings interface allows an attacker to insert and execute arbitrary malicious code.... Read more

    Affected Products : perfreeblog
    • Published: Apr. 15, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-28137

    The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.... Read more

    Affected Products : a810r_firmware a810r
    • Published: Apr. 15, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-28136

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi.... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 15, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-3608

    A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.... Read more

    Affected Products : firefox
    • Published: Apr. 15, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Race Condition

  • 5.3

    MEDIUM
    CVE-2025-32946

    This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to ... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-32945

    The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to ... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32944

    The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.  If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the ... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Denial of Service

  • 5.0

    MEDIUM
    CVE-2025-32103

    CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.... Read more

    Affected Products : crushftp
    • Published: Apr. 15, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293505 Results