CVEs from 2025
- Total 8,935
- critical 1,363
- high 2,047
- medium 2,041
- low 204
- % Critical 15.3%
- % with KEV 2.0%
- % with exploit 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-7892 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability classified as problematic has been found in IDnow App up to 9.6.0 on Android. This affects an unknown part of the file AndroidManifest.xml of the component de.idnow. The manipulation … | |||
| CVE-2025-7891 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability was found in InstantBits Web Video Cast App up to 5.12.4 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest… | |||
| CVE-2025-7890 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability was found in Dunamu StockPlus App up to 7.62.10 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest… | |||
| CVE-2025-7889 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component call… | |||
| CVE-2025-21991 | medium | — | 5.5 | 11mo ago | Moderate: kernel security update | |||
| CVE-2025-38347 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ino and xnid syzbot reported a f2fs bug as below: INFO: task syz-executor140:5308 blocked for mo… | |||
| CVE-2025-38312 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x8000… | |||
| CVE-2025-38285 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix WARN() in get_bpf_raw_tp_regs syzkaller reported an issue: WARNING: CPU: 3 PID: 5971 at kernel/trace/bpf_trace.c:1861 g… | |||
| CVE-2025-7209 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function value_decode in the library src/libsec/port/x509.c. The m… | |||
| CVE-2025-7207 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs H… | |||
| CVE-2025-24294 | medium | — | 5.5 | 11mo ago | RHSA-2025:23062: ruby:3.3 security update (Moderate) | |||
| CVE-2025-4673 | medium | — | 5.5 | 11mo ago | RHSA-2025:10672: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2025-22874 | medium | — | 5.5 | 11mo ago | Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rath… | |||
| CVE-2025-48060 | medium | — | 5.5 | 11mo ago | jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash hap… | |||
| CVE-2025-5024 | medium | — | 5.5 | 11mo ago | RHSA-2025:10742: gnome-remote-desktop security update (Moderate) | |||
| CVE-2025-7069 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffe… | |||
| CVE-2025-7068 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attack… | |||
| CVE-2025-7067 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-b… | |||
| CVE-2025-38231 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: Initialize ssc before laundromat_work to prevent NULL dereference In nfs4_state_start_net(), laundromat_work may access nfs… | |||
| CVE-2025-38222 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4_prepare_inline_data When running the following code on an ext4 filesystem with inline_data… | |||
| CVE-2025-38215 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in do_register_framebuf… | |||
| CVE-2025-38214 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in fb_set_var() fails to allocate me… | |||
| CVE-2025-38192 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: net: clear the dst when changing skb protocol A not-so-careful NAT46 BPF program can crash the kernel if it indiscriminately flip… | |||
| CVE-2025-38167 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() return value The hdr_first_de() function returns a pointer to a struct NTFS_DE. This pointer may … | |||
| CVE-2025-38105 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Kill timer properly at removal The USB-audio MIDI code initializes the timer, but in a rare case, the driver mig… | |||
| CVE-2025-38100 | medium | 5.5 | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP inconsistencies io_bitmap_exit() is invoked from exit_thread() when a task exists or when a fork fai… | |||
| CVE-2025-5702 | medium | — | 5.5 | 11mo ago | Moderate: glibc security update | |||
| CVE-2025-6858 | medium | 5.5 | 5.5 | 11mo ago | A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null point… | |||
| CVE-2025-24495 | medium | — | 5.5 | 1y ago | RHSA-2025:10991: microcode_ctl security update (Moderate) | |||
| CVE-2025-25724 | medium | — | 5.5 | 1y ago | Moderate: libarchive security update | |||
| CVE-2025-20012 | medium | — | 5.5 | 1y ago | RHSA-2025:10991: microcode_ctl security update (Moderate) | |||
| CVE-2025-5455 | medium | — | 5.5 | 1y ago | Moderate: qt5-qtbase security update | |||
| CVE-2025-20623 | medium | — | 5.5 | 1y ago | RHSA-2025:10991: microcode_ctl security update (Moderate) | |||
| CVE-2025-47268 | medium | — | 5.5 | 1y ago | Moderate: iputils security update | |||
| CVE-2025-6499 | medium | 5.5 | 5.5 | 1y ago | A vulnerability classified as problematic was found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_parse_multiline_string of the file src/ucl_parser.c. The manipul… | |||
| CVE-2025-6498 | medium | 5.5 | 5.5 | 1y ago | A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possibl… | |||
| CVE-2025-21919 | medium | — | 5.5 | 1y ago | Moderate: kernel security update | |||
| CVE-2025-21883 | medium | — | 5.5 | 1y ago | Moderate: kernel security update | |||
| CVE-2025-22104 | medium | — | 5.5 | 1y ago | Moderate: kernel security update | |||
| CVE-2025-3891 | medium | — | 5.5 | 1y ago | RHSA-2025:4597: mod_auth_openidc:2.3 security update (Moderate) | |||
| CVE-2025-37738 | medium | — | 5.5 | 1y ago | Moderate: kernel security update | |||
| CVE-2025-23150 | medium | — | 5.5 | 1y ago | Moderate: kernel security update | |||
| CVE-2025-6375 | medium | 5.5 | 5.5 | 1y ago | A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation… | |||
| CVE-2025-38071 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: x86/mm: Check return value from memblock_phys_alloc_range() At least with CONFIG_PHYSICAL_START=0x100000, if there is < 4 MiB of … | |||
| CVE-2025-38067 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: rseq: Fix segfault on registration when rseq_cs is non-zero The rseq_cs field is documented as being set to 0 by user-space prior… | |||
| CVE-2025-38063 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: dm: fix unconditional IO throttle caused by REQ_PREFLUSH When a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush() ge… | |||
| CVE-2025-38058 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - … | |||
| CVE-2025-4748 | medium | — | 5.5 | 1y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is as… | |||
| CVE-2025-6101 | medium | 5.5 | 5.5 | 1y ago | A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument f… | |||
| CVE-2025-49142 | medium | — | 5.5 | 1y ago | Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configu… | |||
| CVE-2025-4802 | medium | — | 5.5 | 1y ago | RHSA-2025:8686: glibc security update (Moderate) | |||
| CVE-2025-3454 | medium | — | 5.5 | 1y ago | Grafana's datasource proxy API allows authorization checks to be bypassed in github.com/grafana/grafana | |||
| CVE-2025-21964 | medium | — | 5.5 | 1y ago | Moderate: kernel security update | |||
| CVE-2025-37968 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twic… | |||
| CVE-2025-37931 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing… | |||
| CVE-2025-47273 | medium | — | 5.5 | 1y ago | Moderate: fence-agents security update | |||
| CVE-2025-27832 | medium | — | 5.5 | 1y ago | Moderate: ghostscript security update | |||
| CVE-2025-71151 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, th… | |||
| CVE-2025-0622 | medium | — | 5.5 | 1y ago | Moderate: grub2 security update | |||
| CVE-2025-30472 | medium | — | 5.5 | 1y ago | Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet. | |||
| CVE-2025-24528 | medium | — | 5.5 | 1y ago | RHSA-2025:2722: krb5 security update (Moderate) | |||
| CVE-2025-22087 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix array bounds error with may_goto may_goto uses an additional 8 bytes on the stack, which causes the interpreters[] array… | |||
| CVE-2025-21888 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a WARN during dereg_mr for DM type Memory regions (MR) of type DM (device memory) do not have an associated umem. … | |||
| CVE-2025-0938 | medium | — | 5.5 | 1y ago | The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only mean… | |||
| CVE-2025-68179 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP As reported by Luiz Capitulino enabling HVO on s390 leads to reproducible crashe… | |||
| CVE-2025-21668 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: add missing loop break condition Currently imx8mp_blk_ctrl_remove() will continue the for loop until a… | |||
| CVE-2025-21646 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes, but a problem occurs … | |||
| CVE-2025-21669 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: discard packets if the transport changes If the socket has been de-assigned or assigned to another transport, we mu… | |||
| CVE-2025-1272 | medium | — | 5.5 | 1y ago | The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensiti… | |||
| CVE-2025-21663 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SI… | |||
| CVE-2025-21666 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Recent reports have shown how we sometimes call vsock_*_has_data() w… | |||
| CVE-2025-0677 | medium | — | 5.5 | 1y ago | Moderate: grub2 security update | |||
| CVE-2025-0690 | medium | — | 5.5 | 1y ago | Moderate: grub2 security update | |||
| CVE-2025-23419 | medium | — | 5.5 | 1y ago | When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. Thi… | |||
| CVE-2025-21694 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix softlockup in __read_vmcore (part 2) Since commit 5cbcb62dddf5 ("fs/proc: fix softlockup in __read_vmcore") the numb… | |||
| CVE-2025-21689 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb… | |||
| CVE-2025-4526 | medium | 5.5 | 5.5 | 1y ago | A vulnerability was identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing passw… | |||
| CVE-2025-37864 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entries on unbind As explained in many places such as commit b117e1e8a86d ("net: dsa: delete ds… | |||
| CVE-2025-32873 | medium | — | 5.5 | 1y ago | An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performan… | |||
| CVE-2025-2487 | medium | — | 5.5 | 1y ago | Moderate: 389-ds-base security update | |||
| CVE-2025-46734 | medium | — | 5.5 | 1y ago | league/commonmark contains a XSS vulnerability in Attributes extension | |||
| CVE-2025-37756 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unex… | |||
| CVE-2025-23160 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization On Mediatek devices with a system com… | |||
| CVE-2025-23143 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. When I ran the repro [0] and waited a few seconds, I observ… | |||
| CVE-2025-23141 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Acquire a lock on kvm->srcu when userspace is getting… | |||
| CVE-2025-1734 | medium | — | 5.5 | 1y ago | Moderate: php:8.1 security update | |||
| CVE-2025-1217 | medium | — | 5.5 | 1y ago | Moderate: php:8.1 security update | |||
| CVE-2025-1219 | medium | — | 5.5 | 1y ago | Moderate: php:8.1 security update | |||
| CVE-2025-1736 | medium | — | 5.5 | 1y ago | Moderate: php:8.1 security update | |||
| CVE-2025-1861 | medium | — | 5.5 | 1y ago | Moderate: php:8.1 security update | |||
| CVE-2025-30698 | medium | — | 5.5 | 1y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2025-21587 | medium | — | 5.5 | 1y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2025-30691 | medium | — | 5.5 | 1y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2025-3198 | medium | 5.5 | 5.5 | 1y ago | A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objd… | |||
| CVE-2025-3196 | medium | 5.5 | 5.5 | 1y ago | A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/M… | |||
| CVE-2025-31115 | medium | — | 5.5 | 1y ago | XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at lea… | |||
| CVE-2025-2786 | medium | — | 5.5 | 1y ago | Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2025-2842 | medium | — | 5.5 | 1y ago | Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2025-2926 | medium | 5.5 | 5.5 | 1y ago | A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null point… | |||
| CVE-2025-2925 | medium | 5.5 | 5.5 | 1y ago | A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem le… |