CVEs from 2025
Total
8,945
critical
critical 1,360
high
high 2,043
medium
medium 2,031
low
low 202
% Critical
15.2%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-43992 | medium | 5.6 | 5.6 | 25d ago | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthentica… | |||
| CVE-2025-14660 | medium | 5.6 | 5.6 | 6mo ago | A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain H… | |||
| CVE-2025-14087 | medium | 5.6 | 5.6 | 6mo ago | A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GV… | |||
| CVE-2025-14276 | medium | 5.6 | 5.6 | 6mo ago | A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command… | |||
| CVE-2025-13948 | medium | 5.6 | 5.6 | 6mo ago | A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Exec… | |||
| CVE-2025-13877 | medium | 5.6 | 5.6 | 6mo ago | Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments | |||
| CVE-2025-5025 | medium | — | 5.5 | — | libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolf… | |||
| CVE-2025-47203 | medium | — | 5.5 | — | dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used. | |||
| CVE-2025-4947 | medium | — | 5.5 | — | libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-mid… | |||
| CVE-2025-2703 | medium | — | 5.5 | — | multiple issues in grafana | |||
| CVE-2025-46807 | medium | — | 5.5 | — | A Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service.This issue affects sslh … | |||
| CVE-2025-70100 | medium | 5.5 | 5.5 | 2d ago | A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 fi… | |||
| CVE-2025-5085 | medium | 5.5 | 5.5 | 3d ago | The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole_link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization an… | |||
| CVE-2025-59609 | medium | 5.5 | 5.5 | 4d ago | Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length. | |||
| CVE-2025-48648 | medium | 5.5 | 5.5 | 4d ago | In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges need… | |||
| CVE-2025-60495 | medium | 5.5 | 5.5 | 4d ago | A segmentation violation in the gf_media_get_color_info function (/media_tools/isom_tools.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a … | |||
| CVE-2025-60486 | medium | 5.5 | 5.5 | 4d ago | A heap use-after-free in the dasher_process function (/filters/dasher.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 file. | |||
| CVE-2025-60485 | medium | 5.5 | 5.5 | 4d ago | A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a cr… | |||
| CVE-2025-60483 | medium | 5.5 | 5.5 | 4d ago | A NULL pointer dereference in the gf_ac4_pres_b_4_back_channels_present function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) … | |||
| CVE-2025-60481 | medium | 5.5 | 5.5 | 4d ago | A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function (/odf/descriptors.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted… | |||
| CVE-2025-55664 | medium | 5.5 | 5.5 | 4d ago | A heap buffer overflow in the m2tsdmx_send_packet function (filters/dmx_m2ts.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | |||
| CVE-2025-53020 | medium | — | 5.5 | 5d ago | Moderate: mod_http2 security update | |||
| CVE-2025-15649 | medium | 5.5 | 5.5 | 10d ago | IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. _dosToUnixTime() decodes the local-file-header last-modification da… | |||
| CVE-2025-68712 | medium | 5.5 | 5.5 | 10d ago | SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mec… | |||
| CVE-2025-43451 | medium | 5.5 | 5.5 | 10d ago | A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. | |||
| CVE-2025-46307 | medium | 5.5 | 5.5 | 10d ago | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. | |||
| CVE-2025-46280 | medium | 5.5 | 5.5 | 10d ago | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination. | |||
| CVE-2025-43289 | medium | 5.5 | 5.5 | 10d ago | A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data. | |||
| CVE-2025-43290 | medium | 5.5 | 5.5 | 10d ago | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file … | |||
| CVE-2025-13755 | medium | 5.5 | 5.5 | 10d ago | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local … | |||
| CVE-2025-66407 | medium | — | 5.5 | 10d ago | Weblate has a Server-Side Request Forgery issue | |||
| CVE-2025-46371 | medium | 5.5 | 5.5 | 14d ago | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially explo… | |||
| CVE-2025-32751 | medium | 5.5 | 5.5 | 14d ago | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabi… | |||
| CVE-2025-32746 | medium | 5.5 | 5.5 | 14d ago | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnera… | |||
| CVE-2025-57798 | medium | 5.5 | 5.5 | 17d ago | Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service (DoS) vulnerability in the title input … | |||
| CVE-2025-38470 | medium | 5.5 | 5.5 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on… | |||
| CVE-2025-38405 | medium | — | 5.5 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128… | |||
| CVE-2025-38441 | medium | — | 5.5 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_… | |||
| CVE-2025-38400 | medium | 5.5 | 5.5 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. syzbot reported a warning below [1] following a fault injectio… | |||
| CVE-2025-38097 | medium | — | 5.5 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to referen… | |||
| CVE-2025-40134 | medium | — | 5.5 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can le… | |||
| CVE-2025-38166 | medium | — | 5.5 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap [ 2172.936997] ------------[ cut here ]------------ [ 2172.936999] kernel BUG at lib/iov_iter.c:… | |||
| CVE-2025-11411 | medium | — | 5.5 | 18d ago | Moderate: unbound security update | |||
| CVE-2025-38279 | medium | — | 5.5 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue ([1]) where the following w… | |||
| CVE-2025-38015 | medium | — | 5.5 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not freed if an error occurs d… | |||
| CVE-2025-12748 | medium | 5.5 | 5.5 | 18d ago | Moderate: libvirt security update | |||
| CVE-2025-37980 | medium | — | 5.5 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is succe… | |||
| CVE-2025-22105 | medium | 5.5 | 5.5 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning[1]: ip netns add ns1 ip netns exec… | |||
| CVE-2025-32425 | medium | 5.5 | 5.5 | 23d ago | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the c… | |||
| CVE-2025-14767 | medium | 5.5 | 5.5 | 23d ago | The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcbm_best_seller` shortcode in all versions up to, and inc… | |||
| CVE-2025-71302 | medium | 5.5 | 5.5 | 28d ago | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: fix for dma-fence safe access rules Commit 506aa8b02a8d6 ("dma-fence: Add safe access helpers and document the rules… | |||
| CVE-2025-71301 | medium | 5.5 | 5.5 | 28d ago | In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around vmap/vunmap Acquire and release the GEM object's reservation lock around vmap and … | |||
| CVE-2025-71300 | medium | 5.5 | 5.5 | 28d ago | In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-T… | |||
| CVE-2025-71299 | medium | 5.5 | 5.5 | 28d ago | In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled … | |||
| CVE-2025-71298 | medium | 5.5 | 5.5 | 28d ago | In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around madvise Acquire and release the GEM object's reservation lock around calls to the … | |||
| CVE-2025-71297 | medium | 5.5 | 5.5 | 28d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() rtw8822b_set_antenna() can be called from userspace when the chip… | |||
| CVE-2025-71296 | medium | 5.5 | 5.5 | 28d ago | In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around purge Acquire and release the GEM object's reservation lock around calls to the ob… | |||
| CVE-2025-71295 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: fs/buffer: add alert in try_to_free_buffers() for folios without buffers try_to_free_buffers() can be called on folios with no bu… | |||
| CVE-2025-71294 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix NULL pointer issue buffer funcs If SDMA block not enabled, buffer_funcs will not initialize, fix the null pointer… | |||
| CVE-2025-71293 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/ras: Move ras data alloc before bad page check In the rare event if eeprom has only invalid address entries, allocatio… | |||
| CVE-2025-71292 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: jfs: nlink overflow in jfs_rename If nlink is maximal for a directory (-1) and inside that directory you perform a rename for som… | |||
| CVE-2025-71291 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() In the function bcm_vk_read(), the pointer entry is checked… | |||
| CVE-2025-71290 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: misc: ti_fpc202: fix a potential memory leak in probe function Use for_each_child_of_node_scoped() to simplify the code and ensur… | |||
| CVE-2025-71289 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attr_set_size() errors when truncating files If attr_set_size() fails while truncating down, the error is silent… | |||
| CVE-2025-71288 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leaks on common probe Make sure to drop the reference taken when looking up the SMI device during com… | |||
| CVE-2025-71287 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leak on larb probe Make sure to drop the reference taken when looking up the SMI device during larb p… | |||
| CVE-2025-71286 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol->ipc_control_dat… | |||
| CVE-2025-71285 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels MHI stack offers the 'auto_queue' feature, which allows the MHI s… | |||
| CVE-2025-71273 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() Simplify the code by using device managed memory allocations. This a… | |||
| CVE-2025-71272 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in most_register_interface error paths The function most_register_interface() did not correctly rel… | |||
| CVE-2025-71271 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: hfsplus: ensure sb->s_fs_info is always cleaned up When hfsplus was converted to the new mount api a bug was introduced by changi… | |||
| CVE-2025-47406 | medium | 5.5 | 5.5 | 1mo ago | Information Disclosure while processing IOCTL handler callbacks without verifying buffer size. | |||
| CVE-2025-36335 | medium | 5.5 | 5.5 | 1mo ago | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user. | |||
| CVE-2025-62233 | medium | — | 5.5 | 1mo ago | Apache DolphinScheduler RPC module has a Deserialization of Untrusted Data vulnerability | |||
| CVE-2025-65116 | medium | 5.5 | 5.5 | 2mo ago | Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Man… | |||
| CVE-2025-48651 | medium | 5.5 | 5.5 | 2mo ago | In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no … | |||
| CVE-2025-38109 | medium | — | 5.5 | 2mo ago | Moderate: kernel security update | |||
| CVE-2025-71238 | medium | — | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page f… | |||
| CVE-2025-10158 | medium | — | 5.5 | 2mo ago | RHSA-2026:6436: rsync security update (Moderate) | |||
| CVE-2025-40096 | medium | — | 5.5 | 2mo ago | Moderate: kernel security update | |||
| CVE-2025-38180 | medium | — | 5.5 | 2mo ago | Moderate: kernel security update | |||
| CVE-2025-71270 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable exception fixup for specific ADE subcode This patch allows the LoongArch BPF JIT to handle recoverable memory a… | |||
| CVE-2025-71269 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reservation in fallback from inline due to -ENOSPC If we fail to create an inline extent due to -ENOSPC, … | |||
| CVE-2025-71268 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a path or join a transaction,… | |||
| CVE-2025-71267 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST We found an infinite loop bug in the ntfs3 file system that can le… | |||
| CVE-2025-71266 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check return value of indx_find to avoid infinite loop We found an infinite loop bug in the ntfs3 file system that can… | |||
| CVE-2025-71265 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata We found an infinite loop bug in the ntfs3 file sys… | |||
| CVE-2025-71239 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2() to change attributes class fchmodat2(), introduced in version 6.6 is currently not in the change attribute… | |||
| CVE-2025-39818 | medium | — | 5.5 | 3mo ago | Moderate: kernel security update | |||
| CVE-2025-15367 | medium | — | 5.5 | 3mo ago | The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters. | |||
| CVE-2025-15366 | medium | — | 5.5 | 3mo ago | The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters. | |||
| CVE-2025-68800 | medium | — | 5.5 | 3mo ago | Moderate: kernel security update | |||
| CVE-2025-38106 | medium | — | 5.5 | 3mo ago | Moderate: kernel security update | |||
| CVE-2025-12801 | medium | — | 5.5 | 3mo ago | RHSA-2026:3938: nfs-utils security update (Moderate) | |||
| CVE-2025-40168 | medium | — | 5.5 | 3mo ago | Moderate: kernel security update | |||
| CVE-2025-71085 | medium | — | 5.5 | 3mo ago | Moderate: kernel security update | |||
| CVE-2025-14905 | medium | — | 5.5 | 3mo ago | RHSA-2026:5513: 389-ds:1.4 security update (Moderate) | |||
| CVE-2025-38129 | medium | — | 5.5 | 3mo ago | Moderate: kernel security update | |||
| CVE-2025-38206 | medium | — | 5.5 | 3mo ago | Moderate: kernel security update | |||
| CVE-2025-15281 | medium | — | 5.5 | 4mo ago | RHSA-2026:4772: glibc security update (Moderate) |