CVEs from 2025
Total
8,971
critical
critical 1,368
high
high 2,067
medium
medium 2,068
low
low 204
% Critical
15.2%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-26599 | high | — | 8.0 | 1y ago | Important: tigervnc security update | |||
| CVE-2025-26598 | high | — | 8.0 | 1y ago | Important: tigervnc security update | |||
| CVE-2025-26596 | high | — | 8.0 | 1y ago | Important: tigervnc security update | |||
| CVE-2025-26595 | high | — | 8.0 | 1y ago | Important: tigervnc security update | |||
| CVE-2025-26594 | high | — | 8.0 | 1y ago | Important: tigervnc security update | |||
| CVE-2025-1930 | high | — | 8.0 | 1y ago | On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability w… | |||
| CVE-2025-1935 | high | — | 8.0 | 1y ago | A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird… | |||
| CVE-2025-1933 | high | — | 8.0 | 1y ago | On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability was fix… | |||
| CVE-2025-1936 | high | — | 8.0 | 1y ago | jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was u… | |||
| CVE-2025-1937 | high | — | 8.0 | 1y ago | Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that w… | |||
| CVE-2025-1938 | high | — | 8.0 | 1y ago | Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so… | |||
| CVE-2025-1932 | high | — | 8.0 | 1y ago | An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability was fixed in Firefox 136, … | |||
| CVE-2025-1934 | high | — | 8.0 | 1y ago | It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was f… | |||
| CVE-2025-1931 | high | — | 8.0 | 1y ago | It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 136, Firefox ES… | |||
| CVE-2025-24150 | high | — | 8.0 | 1y ago | A privacy issue was addressed with improved handling of files. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Copying a URL from Web Inspector may lead to command i… | |||
| CVE-2025-24162 | high | — | 8.0 | 1y ago | This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing malicio… | |||
| CVE-2025-24143 | high | — | 8.0 | 1y ago | The issue was addressed with improved access restrictions to the file system. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, visionOS 2.3. A maliciously crafted web… | |||
| CVE-2025-1244 | high | — | 8.0 | 1y ago | RHSA-2025:1917: emacs security update (Important) | |||
| CVE-2025-21491 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21546 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21522 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21497 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21505 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21494 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21504 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21501 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21500 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21503 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21518 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21520 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21525 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21529 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21555 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21540 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21543 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21559 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21536 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21521 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21519 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21534 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21523 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21531 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-23083 | high | — | 8.0 | 1y ago | Important: nodejs:20 security update | |||
| CVE-2025-23085 | high | — | 8.0 | 1y ago | Important: nodejs:20 security update | |||
| CVE-2025-22150 | high | — | 8.0 | 1y ago | Important: nodejs:20 security update | |||
| CVE-2025-0510 | high | — | 8.0 | 1y ago | RHSA-2025:1292: thunderbird security update (Important) | |||
| CVE-2025-1015 | high | — | 8.0 | 1y ago | RHSA-2025:1292: thunderbird security update (Important) | |||
| CVE-2025-1014 | high | — | 8.0 | 1y ago | Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird… | |||
| CVE-2025-1017 | high | — | 8.0 | 1y ago | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so… | |||
| CVE-2025-1011 | high | — | 8.0 | 1y ago | A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Fir… | |||
| CVE-2025-1009 | high | — | 8.0 | 1y ago | An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, T… | |||
| CVE-2025-1013 | high | — | 8.0 | 1y ago | A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability was fixed in Firefox 135, Fi… | |||
| CVE-2025-1012 | high | — | 8.0 | 1y ago | A race during concurrent delazification could have led to a use-after-free. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135. | |||
| CVE-2025-1016 | high | — | 8.0 | 1y ago | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption a… | |||
| CVE-2025-1010 | high | — | 8.0 | 1y ago | An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 1… | |||
| CVE-2025-21176 | high | — | 8.0 | 1y ago | RHSA-2025:0382: .NET 9.0 security update (Important) | |||
| CVE-2025-21172 | high | — | 8.0 | 1y ago | RHSA-2025:0382: .NET 9.0 security update (Important) | |||
| CVE-2025-21171 | high | — | 8.0 | 1y ago | RHSA-2025:0382: .NET 9.0 security update (Important) | |||
| CVE-2025-21173 | high | — | 8.0 | 1y ago | RHSA-2025:0382: .NET 9.0 security update (Important) | |||
| CVE-2025-0237 | high | — | 8.0 | 1y ago | The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege… | |||
| CVE-2025-0238 | high | — | 8.0 | 1y ago | Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 12… | |||
| CVE-2025-0243 | high | — | 8.0 | 1y ago | Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so… | |||
| CVE-2025-0242 | high | — | 8.0 | 1y ago | Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption a… | |||
| CVE-2025-0241 | high | — | 8.0 | 1y ago | When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, … | |||
| CVE-2025-0240 | high | — | 8.0 | 1y ago | Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability was fixed in Firefox 134, Firefox ESR 128… | |||
| CVE-2025-0239 | high | — | 8.0 | 1y ago | When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbir… | |||
| CVE-2025-21614 | high | — | 8.0 | 1y ago | go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an att… | |||
| CVE-2025-21613 | high | — | 8.0 | 1y ago | go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vuln… | |||
| CVE-2025-43480 | high | — | 8.0 | 2y ago | The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrat… | |||
| CVE-2025-54574 | high | — | 8.0 | 3y ago | RHSA-2023:7668: squid:4 security update (Important) | |||
| CVE-2025-24158 | high | — | 8.0 | 3y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing web content … | |||
| CVE-2025-31206 | high | — | 8.0 | 3y ago | A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11… | |||
| CVE-2025-24223 | high | — | 8.0 | 3y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously … | |||
| CVE-2025-24264 | high | — | 8.0 | 3y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processi… | |||
| CVE-2025-31204 | high | — | 8.0 | 3y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously … | |||
| CVE-2025-31215 | high | — | 8.0 | 3y ago | The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing malici… | |||
| CVE-2025-21867 | high | — | 8.0 | 3y ago | Important: kernel security update | |||
| CVE-2025-40890 | high | 7.9 | 7.9 | 6mo ago | A Stored Cross-Site Scripting vulnerability was discovered in the Dashboards functionality due to improper validation of an input parameter. An authenticated low-privilege user can craft a malicio… | |||
| CVE-2025-59606 | high | 7.8 | 7.8 | 5d ago | Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization. | |||
| CVE-2025-59605 | high | 7.8 | 7.8 | 5d ago | Memory Corruption when processing device identifier strings that exceed the expected maximum length. | |||
| CVE-2025-59604 | high | 7.8 | 7.8 | 5d ago | Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer. | |||
| CVE-2025-48652 | high | 7.8 | 7.8 | 5d ago | In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional … | |||
| CVE-2025-48649 | high | 7.8 | 7.8 | 5d ago | In multiple locations, there is a possible way to reset user-selected permissions selections due to a permissions bypass. This could lead to local escalation of privilege with no additional execution… | |||
| CVE-2025-48570 | high | 7.8 | 7.8 | 5d ago | In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no ad… | |||
| CVE-2025-32348 | high | 7.8 | 7.8 | 5d ago | In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges neede… | |||
| CVE-2025-26418 | high | 7.8 | 7.8 | 5d ago | In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This c… | |||
| CVE-2025-22426 | high | 7.8 | 7.8 | 5d ago | In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional exe… | |||
| CVE-2025-22424 | high | 7.8 | 7.8 | 5d ago | In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges… | |||
| CVE-2025-41281 | high | 7.8 | 7.8 | 8d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that al… | |||
| CVE-2025-41280 | high | 7.8 | 7.8 | 8d ago | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute cod… | |||
| CVE-2025-41278 | high | 7.8 | 7.8 | 8d ago | Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Ho… | |||
| CVE-2025-41670 | high | 7.8 | 7.8 | 11d ago | A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the … | |||
| CVE-2025-69600 | high | 7.8 | 7.8 | 11d ago | Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows adversaries to execute commands via getconfig, upload, inventory, and oracle options. | |||
| CVE-2025-43306 | high | 7.8 | 7.8 | 11d ago | A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges. | |||
| CVE-2025-32747 | high | 7.8 | 7.8 | 15d ago | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leadi… | |||
| CVE-2025-71217 | high | 7.8 | 7.8 | 16d ago | An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please not… | |||
| CVE-2025-71216 | high | 7.8 | 7.8 | 16d ago | A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an att… | |||
| CVE-2025-71214 | high | 7.8 | 7.8 | 16d ago | An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attack… | |||
| CVE-2025-71213 | high | 7.8 | 7.8 | 16d ago | An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the abili… | |||
| CVE-2025-71212 | high | 7.8 | 7.8 | 16d ago | A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the… |