CVEs from 2025
Total
8,987
critical
critical 1,368
high
high 2,067
medium
medium 2,068
low
low 204
% Critical
15.2%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-38466 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAP_SYS_ADMIN for uprobes Jann reports that uprobes can be used destructively when used in the middle o… | |||
| CVE-2025-38465 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: netlink: Fix wraparounds of sk->sk_rmem_alloc. Netlink has this pattern in some places if (atomic_read(&sk->sk_rmem_alloc) > s… | |||
| CVE-2025-38457 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort __tc_modify_qdisc if parent class does not exist Lion's patch [1] revealed an ancient bug in the qdisc API. When… | |||
| CVE-2025-38451 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmap_get_stats() The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats collection for ex… | |||
| CVE-2025-38430 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request If the request being processed is not a v4 compound request… | |||
| CVE-2025-38364 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Temporarily clear the preallocation flag when explicitly requesting a… | |||
| CVE-2025-7893 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml of the component pro.foresigh… | |||
| CVE-2025-7892 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability classified as problematic has been found in IDnow App up to 9.6.0 on Android. This affects an unknown part of the file AndroidManifest.xml of the component de.idnow. The manipulation … | |||
| CVE-2025-7891 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability was found in InstantBits Web Video Cast App up to 5.12.4 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest… | |||
| CVE-2025-7890 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability was found in Dunamu StockPlus App up to 7.62.10 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest… | |||
| CVE-2025-7889 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component call… | |||
| CVE-2025-21991 | medium | — | 5.5 | 11mo ago | Moderate: kernel security update | |||
| CVE-2025-38347 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ino and xnid syzbot reported a f2fs bug as below: INFO: task syz-executor140:5308 blocked for mo… | |||
| CVE-2025-38312 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x8000… | |||
| CVE-2025-38285 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix WARN() in get_bpf_raw_tp_regs syzkaller reported an issue: WARNING: CPU: 3 PID: 5971 at kernel/trace/bpf_trace.c:1861 g… | |||
| CVE-2025-7209 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function value_decode in the library src/libsec/port/x509.c. The m… | |||
| CVE-2025-7207 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs H… | |||
| CVE-2025-22874 | medium | — | 5.5 | 11mo ago | Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rath… | |||
| CVE-2025-24294 | medium | — | 5.5 | 11mo ago | RHSA-2025:23062: ruby:3.3 security update (Moderate) | |||
| CVE-2025-4673 | medium | — | 5.5 | 11mo ago | RHSA-2025:10672: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2025-5024 | medium | — | 5.5 | 11mo ago | RHSA-2025:10742: gnome-remote-desktop security update (Moderate) | |||
| CVE-2025-48060 | medium | — | 5.5 | 11mo ago | jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash hap… | |||
| CVE-2025-7069 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffe… | |||
| CVE-2025-7068 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attack… | |||
| CVE-2025-7067 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-b… | |||
| CVE-2025-38231 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: Initialize ssc before laundromat_work to prevent NULL dereference In nfs4_state_start_net(), laundromat_work may access nfs… | |||
| CVE-2025-38222 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4_prepare_inline_data When running the following code on an ext4 filesystem with inline_data… | |||
| CVE-2025-38215 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in do_register_framebuf… | |||
| CVE-2025-38214 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in fb_set_var() fails to allocate me… | |||
| CVE-2025-38192 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: net: clear the dst when changing skb protocol A not-so-careful NAT46 BPF program can crash the kernel if it indiscriminately flip… | |||
| CVE-2025-38167 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() return value The hdr_first_de() function returns a pointer to a struct NTFS_DE. This pointer may … | |||
| CVE-2025-38105 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Kill timer properly at removal The USB-audio MIDI code initializes the timer, but in a rare case, the driver mig… | |||
| CVE-2025-38100 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP inconsistencies io_bitmap_exit() is invoked from exit_thread() when a task exists or when a fork fai… | |||
| CVE-2025-5702 | medium | — | 5.5 | 11mo ago | Moderate: glibc security update | |||
| CVE-2025-6858 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null point… | |||
| CVE-2025-24495 | medium | — | 5.5 | 1y ago | RHSA-2025:10991: microcode_ctl security update (Moderate) | |||
| CVE-2025-5455 | medium | — | 5.5 | 1y ago | Moderate: qt5-qtbase security update | |||
| CVE-2025-20623 | medium | — | 5.5 | 1y ago | RHSA-2025:10991: microcode_ctl security update (Moderate) | |||
| CVE-2025-47268 | medium | — | 5.5 | 1y ago | Moderate: iputils security update | |||
| CVE-2025-25724 | medium | — | 5.5 | 1y ago | Moderate: libarchive security update | |||
| CVE-2025-20012 | medium | — | 5.5 | 1y ago | RHSA-2025:10991: microcode_ctl security update (Moderate) | |||
| CVE-2025-6499 | medium | 5.5 | 5.5 | 1y ago | A vulnerability classified as problematic was found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_parse_multiline_string of the file src/ucl_parser.c. The manipul… | |||
| CVE-2025-6498 | medium | 5.5 | 5.5 | 1y ago | A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possibl… | |||
| CVE-2025-3891 | medium | — | 5.5 | 1y ago | RHSA-2025:4597: mod_auth_openidc:2.3 security update (Moderate) | |||
| CVE-2025-37738 | medium | — | 5.5 | 1y ago | Moderate: kernel security update | |||
| CVE-2025-23150 | medium | — | 5.5 | 1y ago | Moderate: kernel security update | |||
| CVE-2025-22104 | medium | — | 5.5 | 1y ago | Moderate: kernel security update | |||
| CVE-2025-21919 | medium | — | 5.5 | 1y ago | Moderate: kernel security update | |||
| CVE-2025-21883 | medium | — | 5.5 | 1y ago | Moderate: kernel security update | |||
| CVE-2025-6375 | medium | 5.5 | 5.5 | 1y ago | A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation… | |||
| CVE-2025-38071 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: x86/mm: Check return value from memblock_phys_alloc_range() At least with CONFIG_PHYSICAL_START=0x100000, if there is < 4 MiB of … | |||
| CVE-2025-38067 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: rseq: Fix segfault on registration when rseq_cs is non-zero The rseq_cs field is documented as being set to 0 by user-space prior… | |||
| CVE-2025-38063 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: dm: fix unconditional IO throttle caused by REQ_PREFLUSH When a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush() ge… | |||
| CVE-2025-38058 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - … | |||
| CVE-2025-4748 | medium | — | 5.5 | 1y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is as… | |||
| CVE-2025-6101 | medium | 5.5 | 5.5 | 1y ago | A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument f… | |||
| CVE-2025-49142 | medium | — | 5.5 | 1y ago | Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configu… | |||
| CVE-2025-4802 | medium | — | 5.5 | 1y ago | RHSA-2025:8686: glibc security update (Moderate) | |||
| CVE-2025-3454 | medium | — | 5.5 | 1y ago | Grafana's datasource proxy API allows authorization checks to be bypassed in github.com/grafana/grafana | |||
| CVE-2025-21964 | medium | — | 5.5 | 1y ago | Moderate: kernel security update | |||
| CVE-2025-37968 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twic… | |||
| CVE-2025-37931 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing… | |||
| CVE-2025-47273 | medium | — | 5.5 | 1y ago | Moderate: fence-agents security update | |||
| CVE-2025-27832 | medium | — | 5.5 | 1y ago | Moderate: ghostscript security update | |||
| CVE-2025-23419 | medium | — | 5.5 | 1y ago | When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. Thi… | |||
| CVE-2025-21694 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix softlockup in __read_vmcore (part 2) Since commit 5cbcb62dddf5 ("fs/proc: fix softlockup in __read_vmcore") the numb… | |||
| CVE-2025-30472 | medium | — | 5.5 | 1y ago | Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet. | |||
| CVE-2025-21689 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb… | |||
| CVE-2025-22087 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix array bounds error with may_goto may_goto uses an additional 8 bytes on the stack, which causes the interpreters[] array… | |||
| CVE-2025-24528 | medium | — | 5.5 | 1y ago | RHSA-2025:2722: krb5 security update (Moderate) | |||
| CVE-2025-71151 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, th… | |||
| CVE-2025-21669 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: discard packets if the transport changes If the socket has been de-assigned or assigned to another transport, we mu… | |||
| CVE-2025-68179 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP As reported by Luiz Capitulino enabling HVO on s390 leads to reproducible crashe… | |||
| CVE-2025-21666 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Recent reports have shown how we sometimes call vsock_*_has_data() w… | |||
| CVE-2025-21663 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SI… | |||
| CVE-2025-0622 | medium | — | 5.5 | 1y ago | Moderate: grub2 security update | |||
| CVE-2025-21888 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a WARN during dereg_mr for DM type Memory regions (MR) of type DM (device memory) do not have an associated umem. … | |||
| CVE-2025-21668 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: add missing loop break condition Currently imx8mp_blk_ctrl_remove() will continue the for loop until a… | |||
| CVE-2025-21646 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes, but a problem occurs … | |||
| CVE-2025-0677 | medium | — | 5.5 | 1y ago | Moderate: grub2 security update | |||
| CVE-2025-0690 | medium | — | 5.5 | 1y ago | Moderate: grub2 security update | |||
| CVE-2025-1272 | medium | — | 5.5 | 1y ago | The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensiti… | |||
| CVE-2025-0938 | medium | — | 5.5 | 1y ago | The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only mean… | |||
| CVE-2025-4526 | medium | 5.5 | 5.5 | 1y ago | A vulnerability was identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing passw… | |||
| CVE-2025-37864 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entries on unbind As explained in many places such as commit b117e1e8a86d ("net: dsa: delete ds… | |||
| CVE-2025-32873 | medium | — | 5.5 | 1y ago | An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performan… | |||
| CVE-2025-2487 | medium | — | 5.5 | 1y ago | Moderate: 389-ds-base security update | |||
| CVE-2025-46734 | medium | — | 5.5 | 1y ago | league/commonmark contains a XSS vulnerability in Attributes extension | |||
| CVE-2025-37756 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unex… | |||
| CVE-2025-23160 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization On Mediatek devices with a system com… | |||
| CVE-2025-23143 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. When I ran the repro [0] and waited a few seconds, I observ… | |||
| CVE-2025-23141 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Acquire a lock on kvm->srcu when userspace is getting… | |||
| CVE-2025-1219 | medium | — | 5.5 | 1y ago | In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-… | |||
| CVE-2025-1217 | medium | — | 5.5 | 1y ago | In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are … | |||
| CVE-2025-1736 | medium | — | 5.5 | 1y ago | In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line chara… | |||
| CVE-2025-1861 | medium | — | 5.5 | 1y ago | In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit o… | |||
| CVE-2025-1734 | medium | — | 5.5 | 1y ago | In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as v… | |||
| CVE-2025-30698 | medium | — | 5.5 | 1y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2025-30691 | medium | — | 5.5 | 1y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2025-21587 | medium | — | 5.5 | 1y ago | Moderate: java-1.8.0-openjdk security update |