CVEs from 2025
Total
8,818
critical
critical 1,314
high
high 1,959
medium
medium 1,968
low
low 200
% Critical
14.9%
% with KEV
2.1%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-9140 | high | 8.8 | 9.8 | 10mo ago | A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_modul… | |||
| CVE-2025-12744 | high | — | 9.0 | 6mo ago | RHSA-2025:22760: abrt security update (Important) | |||
| CVE-2025-55315 | high | — | 9.0 | 7mo ago | RHSA-2025:18150: .NET 9.0 security update (Important) | |||
| CVE-2025-6965 | high | — | 9.0 | 10mo ago | RHSA-2025:14101: mingw-sqlite security update (Important) | |||
| CVE-2025-32023 | high | — | 9.0 | 11mo ago | RHSA-2025:12006: redis:6 security update (Important) | |||
| CVE-2025-31650 | high | — | 9.0 | 11mo ago | Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory … | |||
| CVE-2025-32462 | high | — | 9.0 | 11mo ago | Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. | |||
| CVE-2025-1094 | high | — | 9.0 | 1y ago | RHSA-2025:3082: postgresql:12 security update (Important) | |||
| CVE-2025-67888 | high | 7.3 | 8.3 | 27d ago | An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php (when the "api" parameter is set) is not properly sanitized bef… | |||
| CVE-2025-8518 | high | 7.2 | 8.2 | 10mo ago | A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. … |