CVEs from 2025
- Total: 8,951
- critical: 1,361
- high: 2,043
- medium: 2,040
- low: 203
- % Critical: 15.2%
- % with KEV: 2.0%
- % with exploit: 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-4207 | high | — | 8.0 | 9mo ago | RHSA-2025:15022: postgresql:15 security update (Important) | |||
| CVE-2025-9181 | high | — | 8.0 | 10mo ago | Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2. | |||
| CVE-2025-22058 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-37914 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-38417 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-9185 | high | — | 8.0 | 10mo ago | Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evid… | |||
| CVE-2025-9182 | high | — | 8.0 | 10mo ago | Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2. | |||
| CVE-2025-9180 | high | — | 8.0 | 10mo ago | Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128… | |||
| CVE-2025-54389 | high | — | 8.0 | 10mo ago | RHSA-2025:14573: aide security update (Important) | |||
| CVE-2025-9179 | high | — | 8.0 | 10mo ago | An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the con… | |||
| CVE-2025-52434 | high | — | 8.0 | 10mo ago | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with c… | |||
| CVE-2025-48976 | high | — | 8.0 | 10mo ago | Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; fr… | |||
| CVE-2025-53506 | high | — | 8.0 | 10mo ago | Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue … | |||
| CVE-2025-52520 | high | — | 8.0 | 10mo ago | For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0… | |||
| CVE-2025-48988 | high | — | 8.0 | 10mo ago | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 th… | |||
| CVE-2025-49125 | high | — | 8.0 | 10mo ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possib… | |||
| CVE-2025-38380 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-38085 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-47907 | high | — | 8.0 | 10mo ago | Incorrect results returned from Rows.Scan in database/sql | |||
| CVE-2025-38084 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-4674 | high | — | 8.0 | 10mo ago | Important: golang security update | |||
| CVE-2025-38159 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-43227 | high | — | 8.0 | 10mo ago | This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing malicio… | |||
| CVE-2025-43240 | high | — | 8.0 | 10mo ago | A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. A download's origin may be incorrectly associated. | |||
| CVE-2025-43265 | high | — | 8.0 | 10mo ago | An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing… | |||
| CVE-2025-43211 | high | — | 8.0 | 10mo ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processi… | |||
| CVE-2025-43216 | high | — | 8.0 | 10mo ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS… | |||
| CVE-2025-31273 | high | — | 8.0 | 10mo ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously … | |||
| CVE-2025-31278 | high | — | 8.0 | 10mo ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processi… | |||
| CVE-2025-43212 | high | — | 8.0 | 10mo ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously … | |||
| CVE-2025-23266 | high | — | 8.0 | 10mo ago | Important: toolbox security update | |||
| CVE-2025-21962 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-38087 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-21928 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-21929 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-37890 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-38052 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-22020 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-52999 | high | — | 8.0 | 10mo ago | RHSA-2025:14126: pki-deps:10.6 security update (Important) | |||
| CVE-2025-27151 | high | — | 8.0 | 10mo ago | Important: redis:7 security update | |||
| CVE-2025-5994 | high | — | 8.0 | 10mo ago | RHSA-2025:11884: unbound security update (Important) | |||
| CVE-2025-8030 | high | — | 8.0 | 11mo ago | Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox … | |||
| CVE-2025-8029 | high | — | 8.0 | 11mo ago | Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13… | |||
| CVE-2025-8028 | high | — | 8.0 | 11mo ago | On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulne… | |||
| CVE-2025-8033 | high | — | 8.0 | 11mo ago | The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefo… | |||
| CVE-2025-8032 | high | — | 8.0 | 11mo ago | XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thun… | |||
| CVE-2025-8034 | high | — | 8.0 | 11mo ago | Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evid… | |||
| CVE-2025-8031 | high | — | 8.0 | 11mo ago | The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 12… | |||
| CVE-2025-8035 | high | — | 8.0 | 11mo ago | Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corru… | |||
| CVE-2025-8027 | high | — | 8.0 | 11mo ago | On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefo… | |||
| CVE-2025-27614 | high | — | 8.0 | 11mo ago | RHSA-2025:11534: git security update (Important) | |||
| CVE-2025-46835 | high | — | 8.0 | 11mo ago | RHSA-2025:11534: git security update (Important) | |||
| CVE-2025-48367 | high | — | 8.0 | 11mo ago | RHSA-2025:12006: redis:6 security update (Important) | |||
| CVE-2025-38425 | high | — | 8.0 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: check msg length in SMBUS block read For SMBUS block read, do not continue to read if the message length passed from … | |||
| CVE-2025-27613 | high | — | 8.0 | 11mo ago | RHSA-2025:11534: git security update (Important) | |||
| CVE-2025-48385 | high | — | 8.0 | 11mo ago | RHSA-2025:11534: git security update (Important) | |||
| CVE-2025-38089 | high | — | 8.0 | 11mo ago | Important: kernel security update | |||
| CVE-2025-30749 | high | — | 8.0 | 11mo ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2025-30754 | high | — | 8.0 | 11mo ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2025-30761 | high | — | 8.0 | 11mo ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2025-50106 | high | — | 8.0 | 11mo ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2025-50059 | high | — | 8.0 | 11mo ago | RHSA-2025:10873: java-21-openjdk security update (Important) | |||
| CVE-2025-30402 | high | — | 8.0 | 11mo ago | ExecuTorch vulnerable to Heap-based Buffer Overflow attack | |||
| CVE-2025-6032 | high | — | 8.0 | 11mo ago | RHSA-2025:10551: container-tools:rhel8 security update (Important) | |||
| CVE-2025-21887 | high | — | 8.0 | 11mo ago | Important: kernel security update | |||
| CVE-2025-21759 | high | — | 8.0 | 11mo ago | Important: kernel security update | |||
| CVE-2025-37799 | high | — | 8.0 | 11mo ago | Important: kernel security update | |||
| CVE-2025-22004 | high | — | 8.0 | 11mo ago | Important: kernel security update | |||
| CVE-2025-5986 | high | — | 8.0 | 11mo ago | RHSA-2025:10246: thunderbird security update (Important) | |||
| CVE-2025-48379 | high | — | 8.0 | 11mo ago | Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format… | |||
| CVE-2025-6425 | high | — | 8.0 | 11mo ago | An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode,… | |||
| CVE-2025-4435 | high | — | 8.0 | 11mo ago | Important: python3.9 security update | |||
| CVE-2025-4138 | high | — | 8.0 | 11mo ago | Important: python3.9 security update | |||
| CVE-2025-6424 | high | — | 8.0 | 11mo ago | A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.… | |||
| CVE-2025-4517 | high | — | 8.0 | 11mo ago | Important: python3.9 security update | |||
| CVE-2025-4330 | high | — | 8.0 | 11mo ago | Important: python3.9 security update | |||
| CVE-2025-6429 | high | — | 8.0 | 11mo ago | Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restric… | |||
| CVE-2025-6430 | high | — | 8.0 | 11mo ago | When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a we… | |||
| CVE-2025-49177 | high | — | 8.0 | 1y ago | A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests. | |||
| CVE-2025-49179 | high | — | 8.0 | 1y ago | A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length … | |||
| CVE-2025-6019 | high | — | 8.0 | 1y ago | RHSA-2025:9878: libblockdev security update (Important) | |||
| CVE-2025-49178 | high | — | 8.0 | 1y ago | A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial… | |||
| CVE-2025-40908 | high | — | 8.0 | 1y ago | RHSA-2025:9329: perl-YAML-LibYAML security update (Important) | |||
| CVE-2025-49180 | high | — | 8.0 | 1y ago | A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocat… | |||
| CVE-2025-49176 | high | — | 8.0 | 1y ago | A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size … | |||
| CVE-2025-49175 | high | — | 8.0 | 1y ago | A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potenti… | |||
| CVE-2025-6279 | high | 8.0 | 8.0 | 1y ago | A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handle… | |||
| CVE-2025-48798 | high | — | 8.0 | 1y ago | RHSA-2025:9165: gimp:2.8 security update (Important) | |||
| CVE-2025-48797 | high | — | 8.0 | 1y ago | RHSA-2025:9165: gimp:2.8 security update (Important) | |||
| CVE-2025-4404 | high | — | 8.0 | 1y ago | RHSA-2025:9188: idm:DL1 security update (Important) | |||
| CVE-2025-5473 | high | — | 8.0 | 1y ago | RHSA-2025:9165: gimp:2.8 security update (Important) | |||
| CVE-2025-22126 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-21979 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-37750 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-21963 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-48734 | high | — | 8.0 | 1y ago | Important: apache-commons-beanutils security update | |||
| CVE-2025-21999 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-21969 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-21961 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-47947 | high | — | 8.0 | 1y ago | RHSA-2025:8844: mod_security security update (Important) |