Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-36371

    IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation.  A user with access to the database plan cache could see information they do not have authority to view.... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-13027

    Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox... Read more

    Affected Products : firefox
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-13026

    Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145.... Read more

    Affected Products : firefox
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-13025

    Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145.... Read more

    Affected Products : firefox
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-13024

    JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 145 and Thunderbird < 145.... Read more

    Affected Products : firefox
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-13023

    Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145.... Read more

    Affected Products : firefox
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-13022

    Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145.... Read more

    Affected Products : firefox
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-13021

    Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145.... Read more

    Affected Products : firefox
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-13020

    Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.... Read more

    Affected Products : firefox firefox_esr
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-13019

    Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.... Read more

    Affected Products : firefox firefox_esr
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-13018

    Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.... Read more

    Affected Products : firefox firefox_esr
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-13017

    Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.... Read more

    Affected Products : firefox firefox_esr
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-13016

    Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.... Read more

    Affected Products : firefox firefox_esr
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Memory Corruption

  • 3.4

    LOW
    CVE-2025-13015

    Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.... Read more

    Affected Products : firefox firefox_esr
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025

  • 8.8

    HIGH
    CVE-2025-13014

    Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.... Read more

    Affected Products : firefox firefox_esr
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-13013

    Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.... Read more

    Affected Products : firefox firefox_esr
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-13012

    Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.... Read more

    Affected Products : firefox firefox_esr
    • Published: Nov. 11, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Race Condition

  • 9.8

    CRITICAL
    CVE-2025-12057

    The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary file on the server and lead to RCE... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-13346

    A vulnerability was detected in SourceCodester Train Station Ticketing System 1.0. This affects an unknown part of the file /ajax.php?action=save_station. Performing manipulation of the argument id/station results in sql injection. The attack may be initi... Read more

    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-13347

    A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_user. Executing manipulation of the argument Username can lead to sql injection. The attack may be launch... Read more

    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Injection
Showing 20 of 3963 Results