CVEs from 2025
- Total: 8,818
- Critical: 1,314
- High: 1,959
- Medium: 1,968
- Low: 200
- % Critical: 14.9%
- % with KEV: 2.1%
- % with exploit: 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32375 | unknown | — | 1.0 | | | | 1y ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting… |
| CVE-2025-27520 | unknown | — | 1.0 | | | | 1y ago | BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization |
| CVE-2025-2945 | unknown | — | 1.0 | | | | 1y ago | pgAdmin 4 Vulnerable to Remote Code Execution |
| CVE-2025-31131 | unknown | — | 1.0 | | | | 1y ago | Yeswiki Path Traversal vulnerability allows arbitrary read of files |
| CVE-2025-30208 | unknown | — | 1.0 | | | | 1y ago | Vite bypasses server.fs.deny when using ?raw?? |
| CVE-2025-24514 | unknown | — | 1.0 | | | | 1y ago | ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx |
| CVE-2025-1974 | unknown | — | 1.0 | | | | 1y ago | ingress-nginx admission controller RCE escalation in k8s.io/ingress-nginx |
| CVE-2025-1097 | unknown | — | 1.0 | | | | 1y ago | ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation in k8s.io/ingress-nginx |
| CVE-2025-1098 | unknown | — | 1.0 | | | | 1y ago | ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx |
| CVE-2025-29927 | unknown | — | 1.0 | | | | 1y ago | Authorization Bypass in Next.js Middleware |
| CVE-2025-1550 | unknown | — | 1.0 | | | | 1y ago | The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the a… |
| CVE-2025-0868 | unknown | — | 1.0 | | | | 1y ago | DocsGPT Allows Remote Code Execution |