CVEs from 2025
Total
8,954
critical
critical 1,368
high
high 2,067
medium
medium 2,068
low
low 204
% Critical
15.3%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-37819 | medium | — | 5.5 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-40158 | medium | — | 5.5 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-38022 | medium | — | 5.5 | 4mo ago | Linux kernel (Low Latency NVIDIA) vulnerabilities | |||
| CVE-2025-40170 | medium | — | 5.5 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-15564 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod<...>::operator of the file src/value.cpp. The manipulation leads to divide by zero. T… | |||
| CVE-2025-14104 | medium | — | 5.5 | 4mo ago | Moderate: util-linux security update | |||
| CVE-2025-38568 | medium | — | 5.5 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-40251 | medium | 5.5 | 5.5 | 4mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-40154 | medium | — | 5.5 | 4mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2025-71191 | medium | 5.5 | 5.5 | 4mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2025-71190 | medium | 5.5 | 5.5 | 4mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2025-71189 | medium | 5.5 | 5.5 | 4mo ago | Linux kernel vulnerabilities | |||
| CVE-2025-71188 | medium | 5.5 | 5.5 | 4mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2025-71186 | medium | 5.5 | 5.5 | 4mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2025-71185 | medium | 5.5 | 5.5 | 4mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2025-54349 | medium | — | 5.5 | 4mo ago | RHSA-2026:1592: iperf3 security update (Moderate) | |||
| CVE-2025-14178 | medium | — | 5.5 | 4mo ago | In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of … | |||
| CVE-2025-12084 | medium | — | 5.5 | 4mo ago | Moderate: python3.12 security update | |||
| CVE-2025-14177 | medium | — | 5.5 | 4mo ago | In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn se… | |||
| CVE-2025-71161 | medium | 5.5 | 5.5 | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction There are two problems with the recursive correction: 1. It may cause deni… | |||
| CVE-2025-4763 | medium | 5.5 | 5.5 | 5mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS. This … | |||
| CVE-2025-67725 | medium | — | 5.5 | 5mo ago | RHSA-2026:0930: pcs security update (Moderate) | |||
| CVE-2025-67726 | medium | — | 5.5 | 5mo ago | RHSA-2026:0930: pcs security update (Moderate) | |||
| CVE-2025-15537 | medium | 5.5 | 5.5 | 5mo ago | A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to… | |||
| CVE-2025-15536 | medium | 5.5 | 5.5 | 5mo ago | OpenCC vulnerability | |||
| CVE-2025-46397 | medium | — | 5.5 | 5mo ago | RHSA-2026:0756: transfig security update (Moderate) | |||
| CVE-2025-13454 | medium | 5.5 | 5.5 | 5mo ago | A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information. | |||
| CVE-2025-14242 | medium | — | 5.5 | 5mo ago | RHSA-2026:0608: vsftpd security update (Moderate) | |||
| CVE-2025-68823 | medium | 5.5 | 5.5 | 5mo ago | Linux kernel vulnerabilities | |||
| CVE-2025-12817 | medium | — | 5.5 | 5mo ago | Moderate: postgresql:15 security update | |||
| CVE-2025-39883 | medium | — | 5.5 | 5mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2025-39840 | medium | — | 5.5 | 5mo ago | Moderate: kernel security update | |||
| CVE-2025-40240 | medium | — | 5.5 | 5mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2025-12818 | medium | — | 5.5 | 5mo ago | Moderate: postgresql:15 security update | |||
| CVE-2025-15504 | medium | 5.5 | 5.5 | 5mo ago | LIEF is vulnerable to segmentation fault | |||
| CVE-2025-61915 | medium | — | 5.5 | 5mo ago | RHSA-2026:0596: cups security update (Moderate) | |||
| CVE-2025-58436 | medium | — | 5.5 | 5mo ago | RHSA-2026:0596: cups security update (Moderate) | |||
| CVE-2025-32365 | medium | — | 5.5 | 5mo ago | Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. | |||
| CVE-2025-45582 | medium | — | 5.5 | 5mo ago | Moderate: tar security update | |||
| CVE-2025-15419 | medium | 5.5 | 5.5 | 5mo ago | A weakness has been identified in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c of the component GTPv2-C Flow … | |||
| CVE-2025-15418 | medium | 5.5 | 5.5 | 5mo ago | A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE L… | |||
| CVE-2025-15417 | medium | 5.5 | 5.5 | 5mo ago | A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such… | |||
| CVE-2025-14957 | medium | 5.5 | 5.5 | 6mo ago | A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builde… | |||
| CVE-2025-1220 | medium | — | 5.5 | 6mo ago | In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null cha… | |||
| CVE-2025-6491 | medium | — | 5.5 | 6mo ago | In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null … | |||
| CVE-2025-1735 | medium | — | 5.5 | 6mo ago | In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This coul… | |||
| CVE-2025-5987 | medium | — | 5.5 | 6mo ago | Moderate: libssh security update | |||
| CVE-2025-8291 | medium | — | 5.5 | 6mo ago | The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD re… | |||
| CVE-2025-38499 | medium | 5.5 | 5.5 | 6mo ago | Important: kernel security update | |||
| CVE-2025-61984 | medium | — | 5.5 | 6mo ago | ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrus… | |||
| CVE-2025-61985 | medium | — | 5.5 | 6mo ago | ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. | |||
| CVE-2025-53053 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53054 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53062 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53069 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53040 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53044 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53045 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53042 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-39979 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-39925 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-48600 | medium | 5.5 | 5.5 | 6mo ago | In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privilege… | |||
| CVE-2025-11222 | medium | — | 5.5 | 6mo ago | Central Dogma's Login Function Has an Open Redirect Vulnerability | |||
| CVE-2025-14010 | medium | 5.5 | 5.5 | 6mo ago | Ansible Community General Collection is vulnerable to exposure of sensitive information | |||
| CVE-2025-39918 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-39955 | medium | — | 5.5 | 6mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2025-39898 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-40185 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-40186 | medium | — | 5.5 | 6mo ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). syzbot reported the splat below in tcp_conn_request(). [0] If a l… | |||
| CVE-2025-40058 | medium | — | 5.5 | 6mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-9714 | medium | 5.5 | 5.5 | 6mo ago | Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPat… | |||
| CVE-2025-39981 | medium | — | 5.5 | 6mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-39843 | medium | 5.5 | 5.5 | 7mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-58183 | medium | — | 5.5 | 7mo ago | tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause … | |||
| CVE-2025-40047 | medium | — | 5.5 | 7mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-39982 | medium | — | 5.5 | 7mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-39881 | medium | — | 5.5 | 7mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-39983 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not properly locking hdev when proces… | |||
| CVE-2025-39971 | medium | — | 5.5 | 7mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2025-39973 | medium | — | 5.5 | 7mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2025-13199 | medium | 5.5 | 5.5 | 7mo ago | A vulnerability was found in code-projects Email Logging Interface 2.0. Affected is an unknown function of the file signup.cpp. The manipulation of the argument Username results in path traversal: '.… | |||
| CVE-2025-13120 | medium | 5.5 | 5.5 | 7mo ago | A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approache… | |||
| CVE-2025-22247 | medium | — | 5.5 | 7mo ago | RHBA-2026:0860: open-vm-tools bug fix and enhancement update (Moderate) | |||
| CVE-2025-21826 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38013 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Make sure that n_channels is set after allocating th… | |||
| CVE-2025-21861 | medium | — | 5.5 | 7mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2025-21844 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38288 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels Correct kernel call trace when calling smp_processor_id… | |||
| CVE-2025-23129 | medium | — | 5.5 | 7mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-38127 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: ice: fix Tx scheduler error handling in XDP callback When the XDP program is loaded, the XDP callback adds new Tx queues. This me… | |||
| CVE-2025-21846 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21864 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-22092 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: PCI: Fix NULL dereference in SR-IOV VF creation error path Clean up when virtfn setup fails to prevent NULL pointer dereference d… | |||
| CVE-2025-22116 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: idpf: check error for register_netdev() on init Current init logic ignores the error code from register_netdev(), which will caus… | |||
| CVE-2025-37825 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix out-of-bounds access in nvmet_enable_port When trying to enable a port that has no transport configured yet, nvmet_ena… | |||
| CVE-2025-21691 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21828 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21829 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21853 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21902 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a ->poll_cci method For the ACPI backend of UCSI the UCSI "registers" are just a memory copy of the … |