CVEs from 2025
- Total 8,954
- critical 1,368
- high 2,067
- medium 2,068
- low 204
- % Critical 15.3%
- % with KEV 2.0%
- % with exploit 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62554 | high | 7.8 | 7.8 | 6mo ago | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-48615 | high | 7.8 | 7.8 | 6mo ago | In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execut… | |||
| CVE-2025-48612 | high | 7.8 | 7.8 | 6mo ago | In setDefaultKey of DefaultPaymentSettings.java, there is a possible way for an application to set the main user's default NFC payment setting due to improper input validation. This could lead to loc… | |||
| CVE-2025-13876 | high | 7.8 | 7.8 | 6mo ago | A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulat… | |||
| CVE-2025-38724 | high | 7.8 | 7.8 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-39864 | high | 7.8 | 7.8 | 6mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-62199 | high | 7.8 | 7.8 | 7mo ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-21863 | high | 7.8 | 7.8 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21796 | high | 7.8 | 7.8 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21739 | high | 7.8 | 7.8 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-12875 | high | 7.8 | 7.8 | 7mo ago | A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/le… | |||
| CVE-2025-11277 | high | 7.8 | 7.8 | 7mo ago | Moderate: qt5-qt3d security update | |||
| CVE-2025-12745 | high | 7.8 | 7.8 | 7mo ago | A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-r… | |||
| CVE-2025-12341 | high | 7.8 | 7.8 | 7mo ago | A vulnerability was detected in ermig1979 AntiDupl up to 2.3.12. Impacted is an unknown function of the file AntiDupl.NET.WinForms.exe of the component Delete Duplicate Image Handler. The manipulatio… | |||
| CVE-2025-8176 | high | 7.8 | 7.8 | 7mo ago | RHSA-2025:20034: libtiff security update (Important) | |||
| CVE-2025-12205 | high | 7.8 | 7.8 | 7mo ago | A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results … | |||
| CVE-2025-12204 | high | 7.8 | 7.8 | 7mo ago | A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rve_destroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to h… | |||
| CVE-2025-54808 | high | 7.8 | 7.8 | 8mo ago | Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory (/tmp) on the host machine. This directo… | |||
| CVE-2025-39841 | high | 7.8 | 7.8 | 8mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-39849 | high | 7.8 | 7.8 | 8mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-5555 | high | 7.8 | 7.8 | 8mo ago | A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the component IOCTL Handler. Such manipulation leads to… | |||
| CVE-2025-59234 | high | 7.8 | 7.8 | 8mo ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-59227 | high | 7.8 | 7.8 | 8mo ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-33044 | high | 7.8 | 7.8 | 8mo ago | APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local means. Successful exploitation of this vulnerab… | |||
| CVE-2025-22832 | high | 7.8 | 7.8 | 8mo ago | APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability. | |||
| CVE-2025-22831 | high | 7.8 | 7.8 | 8mo ago | APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability. | |||
| CVE-2025-11275 | high | 7.8 | 7.8 | 8mo ago | A vulnerability was identified in Open Asset Import Library Assimp 6.0.2. Affected by this vulnerability is the function ODDLParser::getNextSeparator in the library assimp/contrib/openddlparser/inclu… | |||
| CVE-2025-39913 | high | 7.8 | 7.8 | 8mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2025-11082 | high | 7.8 | 7.8 | 8mo ago | A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buff… | |||
| CVE-2025-11014 | high | 7.8 | 7.8 | 8mo ago | A security flaw has been discovered in OGRECave Ogre up to 14.4.1. This issue affects the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp of the component Im… | |||
| CVE-2025-11012 | high | 7.8 | 7.8 | 8mo ago | A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/script_parser.cpp of the component Diagnostic Message Handler. Executing manipulatio… | |||
| CVE-2025-10997 | high | 7.8 | 7.8 | 9mo ago | A flaw has been found in Open Babel up to 3.1.1. Impacted is the function ChemKinFormat::CheckSpecies of the file /src/formats/chemkinformat.cpp. Executing manipulation can lead to heap-based buffer … | |||
| CVE-2025-10996 | high | 7.8 | 7.8 | 9mo ago | A vulnerability was detected in Open Babel up to 3.1.1. This issue affects the function OBSmilesParser::ParseSmiles of the file /src/formats/smilesformat.cpp. Performing manipulation results in heap-… | |||
| CVE-2025-10995 | high | 7.8 | 7.8 | 9mo ago | A security vulnerability has been detected in Open Babel up to 3.1.1. This vulnerability affects the function zlib_stream::basic_unzip_streambuf::underflow in the library /src/zipstreamimpl.h. Such m… | |||
| CVE-2025-10994 | high | 7.8 | 7.8 | 9mo ago | A weakness has been identified in Open Babel up to 3.1.1. This affects the function GAMESSOutputFormat::ReadMolecule of the file gamessformat.cpp. This manipulation causes use after free. It is possi… | |||
| CVE-2025-39860 | high | 7.8 | 7.8 | 9mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-10672 | high | 7.8 | 7.8 | 9mo ago | A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBattery… | |||
| CVE-2025-39835 | high | 7.8 | 7.8 | 9mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-39828 | high | 7.8 | 7.8 | 9mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-39824 | high | 7.8 | 7.8 | 9mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-39823 | high | 7.8 | 7.8 | 9mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-39790 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Detect events pointing to unexpected TREs When a remote device sends a completion event to the host, it contains … | |||
| CVE-2025-39788 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE On Google gs101, the number of UTP transfer request slots (nutrs) is 32… | |||
| CVE-2025-39783 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix configfs group list head handling Doing a list_del() on the epf_group field of struct pci_epf_driver in pci_ep… | |||
| CVE-2025-39776 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/debug_vm_pgtable: clear page table entries at destroy_args() The mm/debug_vm_pagetable test allocates manually page table entr… | |||
| CVE-2025-39743 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: jfs: truncate good inode pages when hard link is 0 The fileset value of the inode copy from the disk by the reproducer is AGGR_RE… | |||
| CVE-2025-39738 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not allow relocation of partially dropped subvolumes [BUG] There is an internal report that balance triggered transacti… | |||
| CVE-2025-39701 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: pfr_update: Fix the driver update version check The security-version-number check should be used rather than the runtime ve… | |||
| CVE-2025-39691 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: fs/buffer: fix use-after-free when call bh_read() helper There's issue as follows: BUG: KASAN: stack-out-of-bounds in end_buffer_… | |||
| CVE-2025-39689 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: ftrace: Also allocate and copy hash for reading of filter files Currently the reader of set_ftrace_filter and set_ftrace_notrace … | |||
| CVE-2025-39686 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: comedi: Make insn_rw_emulate_bits() do insn->n samples The `insn_rw_emulate_bits()` function is used as a default handler for `IN… | |||
| CVE-2025-38729 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable … | |||
| CVE-2025-38708 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: drbd: add missing kref_get in handle_write_conflicts With `two-primaries` enabled, DRBD tries to detect "concurrent" writes and h… | |||
| CVE-2025-38707 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add sanity check for file name The length of the file name should be smaller than the directory entry size. | |||
| CVE-2025-38702 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1.… | |||
| CVE-2025-38699 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Double-free fix When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is fr… | |||
| CVE-2025-38697 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: jfs: upper bound check of tree index in dbAllocAG When computing the tree index in dbAllocAG, we never check if we are out of bou… | |||
| CVE-2025-38685 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit This issue triggers when a userspace program does an ioctl FBIOPUT_CON2F… | |||
| CVE-2025-6020 | high | 7.8 | 7.8 | 9mo ago | Important: pam security update | |||
| CVE-2025-9815 | high | 7.8 | 7.8 | 9mo ago | A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener… | |||
| CVE-2025-38350 | high | 7.8 | 7.8 | 9mo ago | Important: kernel security update | |||
| CVE-2025-38500 | high | 7.8 | 7.8 | 9mo ago | Important: kernel security update | |||
| CVE-2025-38676 | high | 7.8 | 7.8 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environmen… | |||
| CVE-2025-9380 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation l… | |||
| CVE-2025-38627 | high | 7.8 | 7.8 | 10mo ago | Linux kernel (Xilinx) vulnerabilities | |||
| CVE-2025-9300 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation res… | |||
| CVE-2025-9176 | high | 7.8 | 7.8 | 10mo ago | A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os comm… | |||
| CVE-2025-5914 | high | 7.8 | 7.8 | 10mo ago | A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to… | |||
| CVE-2025-9175 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be p… | |||
| CVE-2025-9174 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os… | |||
| CVE-2025-38584 | high | 7.8 | 7.8 | 10mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2025-38250 | high | 7.8 | 7.8 | 10mo ago | Important: kernel security update | |||
| CVE-2025-38471 | high | 7.8 | 7.8 | 10mo ago | Important: kernel security update | |||
| CVE-2025-9091 | high | 7.8 | 7.8 | 10mo ago | A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials.… | |||
| CVE-2025-38552 | high | 7.8 | 7.8 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: mptcp: plug races between subflow fail and subflow creation We have races similar to the one addressed by the previous patch betw… | |||
| CVE-2025-8964 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper aut… | |||
| CVE-2025-8962 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component Login Form. The mani… | |||
| CVE-2025-53732 | high | 7.8 | 7.8 | 10mo ago | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-8846 | high | 7.8 | 7.8 | 10mo ago | A vulnerability has been found in NASM Netwide Assembler 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to b… | |||
| CVE-2025-8845 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was identified in NASM Netwide Assembler 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possibl… | |||
| CVE-2025-8843 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was found in NASM Netwide Assembler 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is… | |||
| CVE-2025-8842 | high | 7.8 | 7.8 | 10mo ago | A vulnerability has been found in NASM Netwide Assembler 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to … | |||
| CVE-2025-8837 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to … | |||
| CVE-2025-38079 | high | 7.8 | 7.8 | 10mo ago | Moderate: kernel security update | |||
| CVE-2025-8794 | high | 7.8 | 7.8 | 10mo ago | A vulnerability, which was classified as problematic, has been found in LitmusChaos Litmus up to 3.19.0. Affected by this issue is some unknown functionality of the component LocalStorage Handler. Th… | |||
| CVE-2025-21726 | high | 7.8 | 7.8 | 10mo ago | Linux kernel (BlueField) vulnerabilities | |||
| CVE-2025-21727 | high | 7.8 | 7.8 | 10mo ago | Important: kernel security update | |||
| CVE-2025-7425 | high | 7.8 | 7.8 | 10mo ago | A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragm… | |||
| CVE-2025-5039 | high | 7.8 | 7.8 | 11mo ago | A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrust… | |||
| CVE-2025-7884 | high | 7.8 | 7.8 | 11mo ago | A vulnerability classified as problematic was found in Eluktronics Control Center 5.23.51.41. Affected by this vulnerability is an unknown functionality of the component REG File Handler. The manipul… | |||
| CVE-2025-7883 | high | 7.8 | 7.8 | 11mo ago | A vulnerability classified as critical has been found in Eluktronics Control Center 5.23.51.41. Affected is an unknown function of the file \AiStoneService\MyControlCenter\Command of the component Po… | |||
| CVE-2025-7564 | high | 7.8 | 7.8 | 11mo ago | A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the … | |||
| CVE-2025-7546 | high | 7.8 | 7.8 | 11mo ago | A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation le… | |||
| CVE-2025-7545 | high | 7.8 | 7.8 | 11mo ago | A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-ba… | |||
| CVE-2025-38280 | high | 7.8 | 7.8 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid __bpf_prog_ret0_warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 _… | |||
| CVE-2025-49702 | high | 7.8 | 7.8 | 11mo ago | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-38236 | high | 7.8 | 7.8 | 11mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2025-38212 | high | 7.8 | 7.8 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://l… | |||
| CVE-2025-38198 | high | 7.8 | 7.8 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "store_modes" sysfs node will … | |||
| CVE-2025-6857 | high | 7.8 | 7.8 | 11mo ago | A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-b… |