CVEs from 2025
Total
8,956
critical
critical 1,368
high
high 2,067
medium
medium 2,068
low
low 204
% Critical
15.3%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-22687 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asmedia Tuaug4 allows Reflected XSS.This issue affects Tuaug4: from n/a through 1.4. | |||
| CVE-2025-22678 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mythemes my white allows Reflected XSS.This issue affects my white: from n/a through 2.0.8. | |||
| CVE-2025-47620 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in bundgaard Martins Free Monetized Ad Exchange Network martins-free-and-easy-ad-network-get-more-visitors allows Reflected XSS.This issue affects Mart… | |||
| CVE-2025-46452 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS. This issue affects Google News: from n/a through 2.5.1. | |||
| CVE-2025-39381 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4. | |||
| CVE-2025-39583 | high | 7.1 | 7.1 | 1y ago | Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/… | |||
| CVE-2025-32564 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tomroyal Stop Registration Spam allows Reflected XSS. This issue affects Stop Registration Spam: … | |||
| CVE-2025-32548 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in borisolhor Hamburger Icon Menu Lite allows Reflected XSS. This issue affects Hamburger Icon Menu … | |||
| CVE-2025-32545 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in SOFTAGON WooCommerce Products without featured images woocommerce-products-without-featured-images allows Reflected XSS.This issue affects WooCommer… | |||
| CVE-2025-27346 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gerrygooner Rebuild Permalinks rebuild-permalinks allows Reflected XSS.This issue affects Rebuild… | |||
| CVE-2025-22107 | high | 7.1 | 7.1 | 1y ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-22263 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Global Gallery allows Reflected XSS. This issue affects Global Gallery: from n/a through… | |||
| CVE-2025-32553 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress restropress allows Reflected XSS.This issue affects RestroPress: from n/a … | |||
| CVE-2025-32616 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in nimbata Nimbata Call Tracking nimbata-call-tracking allows Stored XSS.This issue affects Nimbata Call Tracking: from n/a through <= 1.7.4. | |||
| CVE-2025-31418 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noonnoo Gravel allows Reflected XSS.This issue affects Gravel: from n/a through 1.6. | |||
| CVE-2025-31384 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos allows Reflected XSS.This issue affects Videos: from n/a through 1.0.5. | |||
| CVE-2025-30808 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weblizar - WordPress Themes & Plugin About Author about-author allows Reflected XSS.This issue af… | |||
| CVE-2025-23995 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ta2g Tantyyellow allows Reflected XSS.This issue affects Tantyyellow: from n/a through 1.0.0.5. | |||
| CVE-2025-28858 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arrow Plugins Arrow Maps ap-google-maps allows Reflected XSS.This issue affects Arrow Maps: from … | |||
| CVE-2025-30584 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in alphaomegaplugins AlphaOmega Captcha & Anti-Spam Filter alphaomega-captcha-anti-spam allows Stored XSS.This issue affects AlphaOmega Captcha & Anti-… | |||
| CVE-2025-26972 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5. | |||
| CVE-2025-26879 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristián Lávaque s2Member s2member allows Reflected XSS.This issue affects s2Member: from n/a thr… | |||
| CVE-2025-25129 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Callback Request allows Reflected XSS. This issue affects Callback Request: from n/a thr… | |||
| CVE-2025-23520 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecureSubmit Heartland Management Terminal allows Reflected XSS. This issue affects Heartland Man… | |||
| CVE-2025-21719 | high | 7.1 | 7.1 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ipmr: do not call mr_mfc_uses_dev() for unres entries syzbot found that calling mr_mfc_uses_dev() for unres entries would crash [… | |||
| CVE-2025-22680 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ad Inserter Pro allows Reflected XSS. This issue affects Ad Inserter Pro: from n/a throu… | |||
| CVE-2025-23790 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wassereimer Easy Code Placement allows Reflected XSS. This issue affects Easy Code Placement: fro… | |||
| CVE-2025-26570 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in uamv Glance That allows Cross Site Request Forgery. This issue affects Glance That: from n/a through 4.9. | |||
| CVE-2025-26569 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Callmeforsox Post Thumbs allows Stored XSS. This issue affects Post Thumbs: from n/a through 1.5. | |||
| CVE-2025-22794 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ianhaycox World Cup Predictor world-cup-predictor allows Reflected XSS.This issue affects World C… | |||
| CVE-2025-24781 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WPJobBoard allows Reflected XSS. This issue affects WPJobBoard: from n/a through 5.10.1. | |||
| CVE-2025-24749 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SS… | |||
| CVE-2025-23806 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFarmer Ultimate Subscribe ultimate-subscribe allows Reflected XSS.This issue affects Ultimate Subscribe: from n/a through <= 1.3. | |||
| CVE-2025-22711 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Maier Image Source Control image-source-control-isc allows Reflected XSS.This issue affect… | |||
| CVE-2025-22706 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.mihai Social Pug: Author Box allows Reflected XSS. This issue affects Social Pug: Author Box… | |||
| CVE-2025-23815 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in linickx root Cookie allows Cross Site Request Forgery. This issue affects root Cookie: from n/a through 1.6. | |||
| CVE-2025-23760 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1. | |||
| CVE-2025-23689 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Poco Blogger Image Import allows Stored XSS.This issue affects Blogger Image Import: from 2.1 thr… | |||
| CVE-2025-23559 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Stepan Stepasyuk MemeOne allows Stored XSS.This issue affects MemeOne: from n/a through 2.0.5. | |||
| CVE-2025-23432 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlTi5 AlT Report alt-report allows Reflected XSS.This issue affects AlT Report: from n/a through … | |||
| CVE-2025-23429 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in altima-interactive Altima Lookbook Free for WooCommerce altima-lookbook-free-for-woocommerce allo… | |||
| CVE-2025-22793 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bold Bold pagos en linea bold-pagos-en-linea allows DOM-Based XSS.This issue affects Bold pagos e… | |||
| CVE-2025-22754 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berkman Klein Center Amber amberlink allows Reflected XSS.This issue affects Amber: from n/a thro… | |||
| CVE-2025-22295 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto tripetto… | |||
| CVE-2025-22353 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bvads BVD Easy Gallery Manager bvd-easy-gallery-manager allows Reflected XSS.This issue affects B… | |||
| CVE-2025-46284 | high | 7.0 | 7.0 | 12d ago | A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges. | |||
| CVE-2025-71215 | high | 7.0 | 7.0 | 17d ago | A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. … | |||
| CVE-2025-47407 | high | 7.0 | 7.0 | 1mo ago | Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level. | |||
| CVE-2025-14821 | high | 7.0 | 7.0 | 2mo ago | A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a si… | |||
| CVE-2025-71221 | high | 7.0 | 7.0 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() Add proper locking in mmp_pdma_residue() to prevent use-after-free … | |||
| CVE-2025-21702 | high | 7.0 | 7.0 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-39702 | high | 7.0 | 7.0 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-12247 | high | 7.0 | 7.0 | 7mo ago | A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted s… | |||
| CVE-2025-11489 | high | 7.0 | 7.0 | 8mo ago | A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulatio… | |||
| CVE-2025-39826 | high | 7.0 | 7.0 | 9mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-39759 | high | 7.0 | 7.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix race between quota disable and quota rescan ioctl There's a race between a task disabling quotas and another r… | |||
| CVE-2025-39749 | high | 7.0 | 7.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: rcu: Protect ->defer_qs_iw_pending from data race On kernels built with CONFIG_IRQ_WORK=y, when rcu_read_unlock() is invoked with… | |||
| CVE-2025-9778 | high | 7.0 | 7.0 | 9mo ago | A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation lea… | |||
| CVE-2025-9731 | high | 7.0 | 7.0 | 9mo ago | A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes har… | |||
| CVE-2025-9577 | high | 7.0 | 7.0 | 9mo ago | A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulat… | |||
| CVE-2025-9576 | high | 7.0 | 7.0 | 9mo ago | A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of… | |||
| CVE-2025-9309 | high | 7.0 | 7.0 | 10mo ago | A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded creden… | |||
| CVE-2025-9016 | high | 7.0 | 7.0 | 10mo ago | A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command of the compon… | |||
| CVE-2025-9000 | high | 7.0 | 7.0 | 10mo ago | A vulnerability was found in Mechrevo Control Center GX V2 5.56.51.48. Affected by this vulnerability is an unknown functionality of the component reg File Handler. The manipulation leads to uncontro… | |||
| CVE-2025-8907 | high | 7.0 | 7.0 | 10mo ago | A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unneces… | |||
| CVE-2025-8758 | high | 7.0 | 7.0 | 10mo ago | A vulnerability was found in TRENDnet TEW-822DRE FW103B02. It has been classified as problematic. This affects an unknown part of the component vsftpd. The manipulation leads to least privilege viola… | |||
| CVE-2025-8757 | high | 7.0 | 7.0 | 10mo ago | A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /server/boa.conf of the component Embedded Boa W… |