CVEs from 2025
- Total: 8,971
- critical: 1,368
- high: 2,067
- medium: 2,068
- low: 204
- % Critical: 15.2%
- % with KEV: 2.0%
- % with exploit: 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-7756 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to… | |||
| CVE-2025-7625 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as critical, was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. Affected is the function Download of the file /download… | |||
| CVE-2025-7579 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular… | |||
| CVE-2025-7567 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability was found in ShopXO up to 6.5.0 and classified as problematic. This issue affects some unknown processing of the file header.html. The manipulation of the argument lang/system_type le… | |||
| CVE-2025-7488 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability has been found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the f… | |||
| CVE-2025-7078 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The… | |||
| CVE-2025-29001 | medium | 4.3 | 4.3 | 11mo ago | Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Shop Page Builder: … | |||
| CVE-2025-6951 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the component FTP Service. The manipulation leads to use of default cred… | |||
| CVE-2025-6866 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. This vulnerability affects unknown code of the file /forum_downloadfile.php. The manipulation of the argum… | |||
| CVE-2025-6865 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This affects an unknown part of the file /admin.php/addon/index. The manipulation leads to cross-site request f… | |||
| CVE-2025-6864 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to … | |||
| CVE-2025-6854 | medium | 4.3 | 4.3 | 11mo ago | Langchain-Chatchat vulnerable to path traversal | |||
| CVE-2025-6664 | medium | 4.3 | 4.3 | 1y ago | A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forger… | |||
| CVE-2025-6552 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of … | |||
| CVE-2025-6532 | medium | 4.3 | 4.3 | 1y ago | A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint… | |||
| CVE-2025-6531 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has been declared as problematic. This vulnerability affects unknown code of the component RTSP Live Video Stream Endpoint. The mani… | |||
| CVE-2025-6528 | medium | 4.3 | 4.3 | 1y ago | A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of the component RTSP … | |||
| CVE-2025-6525 | medium | 4.3 | 4.3 | 1y ago | A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handl… | |||
| CVE-2025-6478 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site requ… | |||
| CVE-2025-6476 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in SourceCodester Gym Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It… | |||
| CVE-2025-6453 | medium | 4.3 | 4.3 | 1y ago | A vulnerability classified as critical has been found in diyhi bbs 6.8. Affected is the function Add of the file /src/main/java/cms/web/action/template/ForumManageAction.java of the component API. Th… | |||
| CVE-2025-49982 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Customer Area: f… | |||
| CVE-2025-49977 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Cross Site Request Forgery. This issue affects WP Inventory Manager: from n/a through <… | |||
| CVE-2025-6341 | medium | 4.3 | 4.3 | 1y ago | A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The… | |||
| CVE-2025-6284 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The … | |||
| CVE-2025-6268 | medium | 4.3 | 4.3 | 1y ago | A vulnerability classified as problematic has been found in Luna Imaging up to 7.5.5.6. Affected is an unknown function of the file /luna/servlet/view/search. The manipulation of the argument q leads… | |||
| CVE-2025-6109 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/… | |||
| CVE-2025-6106 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to c… | |||
| CVE-2025-6092 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the comp… | |||
| CVE-2025-5885 | medium | 4.3 | 4.3 | 1y ago | A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. Th… | |||
| CVE-2025-5880 | medium | 4.3 | 4.3 | 1y ago | A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument f… | |||
| CVE-2025-5766 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The … | |||
| CVE-2025-29005 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Cross Site Request Forgery. This issue affects HR Management Lite: … | |||
| CVE-2025-27359 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager wp-media-file-type-manager allows Cross Site Request Forgery. This issue affects WP Media File Type Manager: from n… | |||
| CVE-2025-5714 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Info… | |||
| CVE-2025-46257 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery. This issue affects Element Pack Pro: from n/a before 8.0.0. | |||
| CVE-2025-4476 | medium | 4.3 | 4.3 | 1y ago | A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a spe… | |||
| CVE-2025-31639 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7. | |||
| CVE-2025-31068 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4. | |||
| CVE-2025-47594 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Soccer Live Scores allows Cross Site Request Forgery. This issue affects Soccer Live Scores: from n/a through 1.0.5. | |||
| CVE-2025-30965 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Cross Site Request Forgery. This issue affects WPJobBoard: from n/a through n/a. | |||
| CVE-2025-32227 | medium | 4.3 | 4.3 | 1y ago | Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum asgaros-forum allows Identity Spoofing. This issue affects Asgaros Forum: from n/a through <= 3.0.0. | |||
| CVE-2025-32276 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Quý Lê 91 Administrator Z administrator-z allows Cross Site Request Forgery. This issue affects Administrator Z: from n/a through <= 2026.03.02. | |||
| CVE-2025-31808 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in IT Path Solutions SCSS WP Editor scss-wp-editor allows Cross Site Request Forgery. This issue affects SCSS WP Editor: from n/a through <= 1.2.1. | |||
| CVE-2025-31602 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Proptech Plugin Apimo Connector apimo allows Cross Site Request Forgery. This issue affects Apimo Connector: from n/a through <= 2.6.5.1. | |||
| CVE-2025-31544 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP swiss-toolkit-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Swiss Toolkit Fo… | |||
| CVE-2025-26925 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery. This issue affects Admin Menu Manager: from n/a through 1.0.3. | |||
| CVE-2025-26948 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | |||
| CVE-2025-24744 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3. | |||
| CVE-2025-24653 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhanc… | |||
| CVE-2025-24625 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in Marco Almeida \| Webdados Taxonomy/Term and Role based Discounts for WooCommerce taxonomy-discounts-woocommerce allows Exploiting Incorrectly Configured Access C… | |||
| CVE-2025-22319 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in DearHive Social Media Share Buttons \| MashShare. This issue affects Social Media Share Buttons \| MashShare: from n/a through 4.0.47. | |||
| CVE-2025-62439 | medium | 4.2 | 4.2 | 4mo ago | An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, For… | |||
| CVE-2025-11644 | medium | 4.2 | 4.2 | 8mo ago | A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure s… | |||
| CVE-2025-0876 | medium | 4.1 | 4.1 | 8mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Isin Basi Advertisement Information Technologies Trade Inc. IT's Workif allows Cross-Site … | |||
| CVE-2025-9796 | medium | 4.1 | 4.1 | 9mo ago | A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results i… | |||
| CVE-2025-6849 | medium | 4.1 | 4.1 | 11mo ago | A vulnerability, which was classified as problematic, was found in code-projects Simple Forum 1.0. Affected is an unknown function of the file /forum_edit1.php. The manipulation of the argument text … | |||
| CVE-2025-6699 | medium | 4.1 | 4.1 | 1y ago | A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA 3.4.0. This affects an unknown part of the file /html/funcionario/cadastro_funcionario.php of the component Cadastro … | |||
| CVE-2025-6698 | medium | 4.1 | 4.1 | 1y ago | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /html/matPat/adicionar_tipoSaida.php of th… | |||
| CVE-2025-6697 | medium | 4.1 | 4.1 | 1y ago | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /html/matPat/adicionar_tipoEntrad… | |||
| CVE-2025-6696 | medium | 4.1 | 4.1 | 1y ago | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been classified as problematic. Affected is an unknown function of the file /html/atendido/Cadastro_Atendido.php of the component Cada… | |||
| CVE-2025-6695 | medium | 4.1 | 4.1 | 1y ago | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This issue affects some unknown processing of the file /html/matPat/adicionar_categoria.php of the component Ad… | |||
| CVE-2025-6694 | medium | 4.1 | 4.1 | 1y ago | A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This vulnerability affects unknown code of the file /html/matPat/adicionar_unidade.php of the component Ad… | |||
| CVE-2025-5886 | medium | 4.1 | 4.1 | 1y ago | A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument active_post l… | |||
| CVE-2025-9820 | medium | 4.0 | 4.0 | 3mo ago | RHSA-2026:5585: gnutls security update (Moderate) | |||
| CVE-2025-69418 | medium | 4.0 | 4.0 | 4mo ago | Important: openssl security update | |||
| CVE-2025-11650 | medium | 4.0 | 4.0 | 8mo ago | A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can l… | |||
| CVE-2025-5962 | medium | — | — | 9mo ago | RHSA-2025:16346: command-line-assistant security update (Moderate) |