CVEs from 2025
Total
8,935
critical
critical 1,363
high
high 2,047
medium
medium 2,041
low
low 204
% Critical
15.3%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-22126 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-21961 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-21999 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-30399 | high | — | 8.0 | 1y ago | RHSA-2025:8815: .NET 9.0 security update (Important) | |||
| CVE-2025-47947 | high | — | 8.0 | 1y ago | RHSA-2025:8844: mod_security security update (Important) | |||
| CVE-2025-37785 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-37943 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-40907 | high | — | 8.0 | 1y ago | RHSA-2025:8696: perl-FCGI:0.78 security update (Important) | |||
| CVE-2025-21926 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-21997 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-22055 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-21920 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-23165 | high | — | 8.0 | 1y ago | RHSA-2025:8514: nodejs:20 security update (Important) | |||
| CVE-2025-23167 | high | — | 8.0 | 1y ago | A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers t… | |||
| CVE-2025-4447 | high | — | 8.0 | 1y ago | RHSA-2025:8431: java-1.8.0-ibm security update (Important) | |||
| CVE-2025-23166 | high | — | 8.0 | 1y ago | RHSA-2025:8514: nodejs:20 security update (Important) | |||
| CVE-2025-47905 | high | — | 8.0 | 1y ago | Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to d… | |||
| CVE-2025-5268 | high | — | 8.0 | 1y ago | Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort … | |||
| CVE-2025-5263 | high | — | 8.0 | 1y ago | Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Fir… | |||
| CVE-2025-5266 | high | — | 8.0 | 1y ago | Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thu… | |||
| CVE-2025-5283 | high | — | 8.0 | 1y ago | Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-32909 | high | — | 8.0 | 1y ago | RHSA-2025:8292: mingw-freetype and spice-client-win security update (Important) | |||
| CVE-2025-32910 | high | — | 8.0 | 1y ago | RHSA-2025:8292: mingw-freetype and spice-client-win security update (Important) | |||
| CVE-2025-5267 | high | — | 8.0 | 1y ago | A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunder… | |||
| CVE-2025-5264 | high | — | 8.0 | 1y ago | Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's … | |||
| CVE-2025-5269 | high | — | 8.0 | 1y ago | RHSA-2025:8756: thunderbird security update (Important) | |||
| CVE-2025-3887 | high | — | 8.0 | 1y ago | RHSA-2025:8201: gstreamer1-plugins-bad-free security update (Important) | |||
| CVE-2025-3877 | high | — | 8.0 | 1y ago | RHSA-2025:8756: thunderbird security update (Important) | |||
| CVE-2025-3875 | high | — | 8.0 | 1y ago | RHSA-2025:8756: thunderbird security update (Important) | |||
| CVE-2025-3909 | high | — | 8.0 | 1y ago | RHSA-2025:8756: thunderbird security update (Important) | |||
| CVE-2025-3932 | high | — | 8.0 | 1y ago | RHSA-2025:8756: thunderbird security update (Important) | |||
| CVE-2025-32049 | high | — | 8.0 | 1y ago | RHSA-2025:8132: libsoup security update (Important) | |||
| CVE-2025-32914 | high | — | 8.0 | 1y ago | RHSA-2025:8132: libsoup security update (Important) | |||
| CVE-2025-2784 | high | — | 8.0 | 1y ago | RHSA-2025:8132: libsoup security update (Important) | |||
| CVE-2025-4948 | high | — | 8.0 | 1y ago | RHSA-2025:8132: libsoup security update (Important) | |||
| CVE-2025-4919 | high | — | 8.0 | 1y ago | An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ES… | |||
| CVE-2025-4918 | high | — | 8.0 | 1y ago | An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbi… | |||
| CVE-2025-31205 | high | — | 8.0 | 1y ago | The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A malicious website may exfiltra… | |||
| CVE-2025-21966 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-37749 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-47287 | high | — | 8.0 | 1y ago | RHSA-2025:8254: pcs security update (Important) | |||
| CVE-2025-26646 | high | — | 8.0 | 1y ago | RHSA-2025:7589: .NET 8.0 security update (Important) | |||
| CVE-2025-31492 | high | — | 8.0 | 1y ago | RHSA-2025:3997: mod_auth_openidc:2.3 security update (Important) | |||
| CVE-2025-21633 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-32906 | high | — | 8.0 | 1y ago | RHSA-2025:8292: mingw-freetype and spice-client-win security update (Important) | |||
| CVE-2025-31498 | high | — | 8.0 | 1y ago | Important: nodejs:22 security update | |||
| CVE-2025-32053 | high | — | 8.0 | 1y ago | RHSA-2025:8292: mingw-freetype and spice-client-win security update (Important) | |||
| CVE-2025-3155 | high | — | 8.0 | 1y ago | A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrat… | |||
| CVE-2025-32050 | high | — | 8.0 | 1y ago | RHSA-2025:8292: mingw-freetype and spice-client-win security update (Important) | |||
| CVE-2025-3277 | high | — | 8.0 | 1y ago | Important: nodejs:22 security update | |||
| CVE-2025-32913 | high | — | 8.0 | 1y ago | RHSA-2025:8292: mingw-freetype and spice-client-win security update (Important) | |||
| CVE-2025-46421 | high | — | 8.0 | 1y ago | RHSA-2025:4560: libsoup security update (Important) | |||
| CVE-2025-32052 | high | — | 8.0 | 1y ago | RHSA-2025:8292: mingw-freetype and spice-client-win security update (Important) | |||
| CVE-2025-32907 | high | — | 8.0 | 1y ago | RHSA-2025:8292: mingw-freetype and spice-client-win security update (Important) | |||
| CVE-2025-32911 | high | — | 8.0 | 1y ago | RHSA-2025:8292: mingw-freetype and spice-client-win security update (Important) | |||
| CVE-2025-46420 | high | — | 8.0 | 1y ago | RHSA-2025:4560: libsoup security update (Important) | |||
| CVE-2025-21993 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-21605 | high | — | 8.0 | 1y ago | RHSA-2025:7686: redis:6 security update (Important) | |||
| CVE-2025-46727 | high | — | 8.0 | 1y ago | RHSA-2025:8254: pcs security update (Important) | |||
| CVE-2025-4091 | high | — | 8.0 | 1y ago | Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so… | |||
| CVE-2025-4087 | high | — | 8.0 | 1y ago | A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and… | |||
| CVE-2025-2817 | high | — | 8.0 | 1y ago | Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged… | |||
| CVE-2025-4083 | high | — | 8.0 | 1y ago | A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended f… | |||
| CVE-2025-4093 | high | — | 8.0 | 1y ago | RHSA-2025:4797: thunderbird security update (Important) | |||
| CVE-2025-21927 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2025-3522 | high | — | 8.0 | 1y ago | RHSA-2025:4649: thunderbird security update (Important) | |||
| CVE-2025-3523 | high | — | 8.0 | 1y ago | RHSA-2025:4649: thunderbird security update (Important) | |||
| CVE-2025-2830 | high | — | 8.0 | 1y ago | RHSA-2025:4649: thunderbird security update (Important) | |||
| CVE-2025-22866 | high | — | 8.0 | 1y ago | Important: delve and golang security update | |||
| CVE-2025-24189 | high | — | 8.0 | 1y ago | The issue was addressed with improved checks. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted w… | |||
| CVE-2025-30427 | high | — | 8.0 | 1y ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS… | |||
| CVE-2025-24208 | high | — | 8.0 | 1y ago | A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack. | |||
| CVE-2025-24209 | high | — | 8.0 | 1y ago | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processi… | |||
| CVE-2025-24216 | high | — | 8.0 | 1y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processi… | |||
| CVE-2025-24813 | medium | — | 8.0 | 1y ago | Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request. | |||
| CVE-2025-3028 | high | — | 8.0 | 1y ago | JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunde… | |||
| CVE-2025-3030 | high | — | 8.0 | 1y ago | Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so… | |||
| CVE-2025-3029 | high | — | 8.0 | 1y ago | A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR … | |||
| CVE-2025-1080 | high | — | 8.0 | 1y ago | LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In th… | |||
| CVE-2025-22868 | high | — | 8.0 | 1y ago | An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. | |||
| CVE-2025-30204 | high | — | 8.0 | 1y ago | RHSA-2025:7967: osbuild-composer security update (Important) | |||
| CVE-2025-29786 | high | — | 8.0 | 1y ago | Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire strin… | |||
| CVE-2025-22869 | high | — | 8.0 | 1y ago | RHSA-2025:3210: container-tools:rhel8 security update (Important) | |||
| CVE-2025-21785 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array The loop that detects/populates cache information already has a bo… | |||
| CVE-2025-24855 | high | — | 8.0 | 1y ago | RHSA-2025:3615: libxslt security update (Important) | |||
| CVE-2025-27516 | high | — | 8.0 | 1y ago | RHSA-2025:3388: python-jinja2 security update (Important) | |||
| CVE-2025-0624 | high | — | 8.0 | 1y ago | Important: grub2 security update | |||
| CVE-2025-24928 | high | — | 8.0 | 1y ago | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted … | |||
| CVE-2025-24070 | high | — | 8.0 | 1y ago | RHSA-2025:2670: .NET 8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2025-26600 | high | — | 8.0 | 1y ago | Important: tigervnc security update | |||
| CVE-2025-26599 | high | — | 8.0 | 1y ago | Important: tigervnc security update | |||
| CVE-2025-26598 | high | — | 8.0 | 1y ago | Important: tigervnc security update | |||
| CVE-2025-26596 | high | — | 8.0 | 1y ago | Important: tigervnc security update | |||
| CVE-2025-26601 | high | — | 8.0 | 1y ago | Important: tigervnc security update | |||
| CVE-2025-26594 | high | — | 8.0 | 1y ago | Important: tigervnc security update | |||
| CVE-2025-26595 | high | — | 8.0 | 1y ago | Important: tigervnc security update | |||
| CVE-2025-1932 | high | — | 8.0 | 1y ago | An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability was fixed in Firefox 136, … | |||
| CVE-2025-1936 | high | — | 8.0 | 1y ago | jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was u… | |||
| CVE-2025-1931 | high | — | 8.0 | 1y ago | It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 136, Firefox ES… | |||
| CVE-2025-1938 | high | — | 8.0 | 1y ago | Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so… |