CVEs from 2025
- Total 8,935
- critical 1,356
- high 2,040
- medium 2,028
- low 202
- % Critical 15.2%
- % with KEV 2.0%
- % with exploit 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-58947 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion. This issue affects Ath… | |||
| CVE-2025-58946 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Vocal vocal allows PHP Local File Inclusion. This issue affects Voc… | |||
| CVE-2025-58945 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes EcoGrow ecogrow allows PHP Local File Inclusion. This issue affects… | |||
| CVE-2025-58944 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Manufactory manufactory allows PHP Local File Inclusion. This issue… | |||
| CVE-2025-58943 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Agricola agricola allows PHP Local File Inclusion. This issue affec… | |||
| CVE-2025-58942 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Dwell dwell allows PHP Local File Inclusion. This issue affects Dwe… | |||
| CVE-2025-58941 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Fabric fabric allows PHP Local File Inclusion. This issue affects F… | |||
| CVE-2025-58940 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Basil basil allows PHP Local File Inclusion. This issue affects Bas… | |||
| CVE-2025-58937 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Tacticool tacticool allows PHP Local File Inclusion. This issue aff… | |||
| CVE-2025-58936 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Catamaran catamaran allows PHP Local File Inclusion. This issue aff… | |||
| CVE-2025-58934 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes The Gig thegig allows PHP Local File Inclusion. This issue affects … | |||
| CVE-2025-58933 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Anubis anubis allows PHP Local File Inclusion. This issue affects A… | |||
| CVE-2025-58932 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Prisma prisma allows PHP Local File Inclusion. This issue affects P… | |||
| CVE-2025-58931 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Palatio palatio allows PHP Local File Inclusion. This issue affects… | |||
| CVE-2025-58930 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes FitFlex fitflex allows PHP Local File Inclusion. This issue affects… | |||
| CVE-2025-58929 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pantry pantry allows PHP Local File Inclusion. This issue affects P… | |||
| CVE-2025-49366 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hanani hanani allows PHP Local File Inclusion. This issue affects … | |||
| CVE-2025-49365 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Jack Well jack-well allows PHP Local File Inclusion. This issue af… | |||
| CVE-2025-49364 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ludos Paradise ludos-paradise allows PHP Local File Inclusion. Thi… | |||
| CVE-2025-49363 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Kings & Queens kings-queens allows PHP Local File Inclusion. This … | |||
| CVE-2025-49362 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Gracioza gracioza allows PHP Local File Inclusion. This issue affe… | |||
| CVE-2025-49361 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mamita mamita allows PHP Local File Inclusion. This issue affects … | |||
| CVE-2025-49360 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Militarology militarology allows PHP Local File Inclusion. This is… | |||
| CVE-2025-49359 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ShieldGroup shieldgroup allows PHP Local File Inclusion. This issu… | |||
| CVE-2025-14111 | high | 8.1 | 8.1 | 6mo ago | A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. … | |||
| CVE-2025-14016 | high | 8.1 | 8.1 | 6mo ago | A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the file /member/readHistory/delete. Such manipulation of the argument ids leads to… | |||
| CVE-2025-13813 | high | 8.1 | 8.1 | 6mo ago | A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation le… | |||
| CVE-2025-13468 | high | 8.1 | 8.1 | 7mo ago | A weakness has been identified in SourceCodester Alumni Management System 1.0. This issue affects the function delete_forum/delete_career/delete_comment/delete_gallery/delete_event of the file admin/… | |||
| CVE-2025-13435 | high | 8.1 | 8.1 | 7mo ago | Resty has a Path Traversal vulnerability | |||
| CVE-2025-8855 | high | 8.1 | 8.1 | 7mo ago | Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage … | |||
| CVE-2025-11959 | high | 8.1 | 8.1 | 7mo ago | Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management… | |||
| CVE-2025-58995 | high | 8.1 | 8.1 | 7mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Leblix leblix allows PHP Local File Inclusion. This issue affe… | |||
| CVE-2025-58994 | high | 8.1 | 8.1 | 7mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Greenify greenify allows PHP Local File Inclusion. This issue affe… | |||
| CVE-2025-48290 | high | 8.1 | 8.1 | 7mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Kinsley kinsley allows PHP Local File Inclusion. This issue affects K… | |||
| CVE-2025-48090 | high | 8.1 | 8.1 | 7mo ago | Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion. This issue affects Blanka - One Page WordPress Theme: from n/a throu… | |||
| CVE-2025-12615 | high | 8.1 | 8.1 | 7mo ago | A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads… | |||
| CVE-2025-12547 | high | 8.1 | 8.1 | 7mo ago | A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads t… | |||
| CVE-2025-12283 | high | 8.1 | 8.1 | 7mo ago | A security flaw has been discovered in code-projects Client Details System 1.0. The impacted element is an unknown function. The manipulation results in authorization bypass. The attack can be launch… | |||
| CVE-2025-58967 | high | 8.1 | 8.1 | 8mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion. This issue affects… | |||
| CVE-2025-58958 | high | 8.1 | 8.1 | 8mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove SmilePure smilepure allows PHP Local File Inclusion. This issue affec… | |||
| CVE-2025-11941 | high | 8.1 | 8.1 | 8mo ago | A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulati… | |||
| CVE-2025-11938 | high | 8.1 | 8.1 | 8mo ago | A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing a manipulation of the argument DB_PASSWORD/ROOT_PATH/URL re… | |||
| CVE-2025-11853 | high | 8.1 | 8.1 | 8mo ago | A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access … | |||
| CVE-2025-49552 | high | 8.1 | 8.1 | 8mo ago | Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a vi… | |||
| CVE-2025-11646 | high | 8.1 | 8.1 | 8mo ago | A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The atta… | |||
| CVE-2025-11609 | high | 8.1 | 8.1 | 8mo ago | A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secre… | |||
| CVE-2025-11290 | high | 8.1 | 8.1 | 8mo ago | A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with the input default leads t… | |||
| CVE-2025-9566 | high | 8.1 | 8.1 | 9mo ago | RHSA-2025:15904: container-tools:rhel8 security update (Important) | |||
| CVE-2025-54709 | high | 8.1 | 8.1 | 9mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6. | |||
| CVE-2025-9801 | high | 8.1 | 8.1 | 9mo ago | A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path tra… | |||
| CVE-2025-53243 | high | 8.1 | 8.1 | 9mo ago | Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress employee-directory allows Object Injection. This issue affect… | |||
| CVE-2025-9262 | high | 8.1 | 8.1 | 10mo ago | wong2 mcp-cli Command Injection Vulnerability | |||
| CVE-2025-49438 | high | 8.1 | 8.1 | 10mo ago | Deserialization of Untrusted Data vulnerability in Max Chirkov Simple Login Log allows Object Injection. This issue affects Simple Login Log: from n/a through 1.1.3. | |||
| CVE-2025-47219 | high | 8.1 | 8.1 | 10mo ago | In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure. | |||
| CVE-2025-7947 | high | 8.1 | 8.1 | 11mo ago | A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument … | |||
| CVE-2025-7628 | high | 8.1 | 8.1 | 11mo ago | A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function deleteFile of the file /dele… | |||
| CVE-2025-7079 | high | 8.1 | 8.1 | 11mo ago | A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the… | |||
| CVE-2025-52813 | high | 8.1 | 8.1 | 11mo ago | Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5. | |||
| CVE-2025-7060 | high | 8.1 | 8.1 | 11mo ago | A vulnerability was found in Monitorr up to 1.7.6m. It has been classified as problematic. This affects an unknown part of the file assets/config/_installation/mkdbajax.php of the component Installer… | |||
| CVE-2025-52810 | high | 8.1 | 8.1 | 11mo ago | Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1. | |||
| CVE-2025-6329 | high | 8.1 | 8.1 | 1y ago | A vulnerability was found in ScriptAndTools Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file userdelete.php of the component Us… | |||
| CVE-2025-49454 | high | 8.1 | 8.1 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File Inclusion. This issue affects… | |||
| CVE-2025-5877 | high | 8.1 | 8.1 | 1y ago | A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/Applicatio… | |||
| CVE-2025-5139 | high | 8.1 | 8.1 | 1y ago | A vulnerability was found in Qualitor 8.20/8.24. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice… | |||
| CVE-2025-31633 | high | 8.1 | 8.1 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kiamo - Responsive Business Service WordPress Theme allows PHP Local Fi… | |||
| CVE-2025-31632 | high | 8.1 | 8.1 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SpyroPress La Boom allows PHP Local File Inclusion. This issue affects La Boom… | |||
| CVE-2025-39491 | high | 8.1 | 8.1 | 1y ago | Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision. | |||
| CVE-2025-2338 | high | 8.1 | 8.1 | 1y ago | A vulnerability, which was classified as critical, was found in tbeu matio 1.5.28. Affected is the function strdup_vprintf of the file src/io.c. The manipulation leads to heap-based buffer overflow. … | |||
| CVE-2025-2337 | high | 8.1 | 8.1 | 1y ago | A vulnerability, which was classified as critical, has been found in tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of the file src/mat.c. The manipulation leads to heap-based buffer… | |||
| CVE-2025-23368 | high | 8.1 | 8.1 | 1y ago | Wildfly Elytron integration susceptible to brute force attacks via CLI | |||
| CVE-2025-32803 | high | — | 8.0 | — | In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. | |||
| CVE-2025-49091 | high | — | 8.0 | — | KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed r… | |||
| CVE-2025-23395 | high | — | 8.0 | — | Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with `roo… | |||
| CVE-2025-46804 | high | — | 8.0 | — | A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Scree… | |||
| CVE-2025-40775 | high | — | 8.0 | — | When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an as… | |||
| CVE-2025-32801 | high | — | 8.0 | — | Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the contr… | |||
| CVE-2025-32802 | high | — | 8.0 | — | Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured… | |||
| CVE-2025-53367 | high | — | 8.0 | — | DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerabili… | |||
| CVE-2025-30232 | high | — | 8.0 | — | A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. | |||
| CVE-2025-46805 | high | — | 8.0 | — | Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root. | |||
| CVE-2025-46802 | high | — | 8.0 | — | For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session. | |||
| CVE-2025-46803 | high | — | 8.0 | — | The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system. | |||
| CVE-2025-71089 | high | — | 8.0 | 9d ago | In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a f… | |||
| CVE-2025-68366 | high | — | 8.0 | 9d ago | In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK:… | |||
| CVE-2025-38653 | high | — | 8.0 | 9d ago | In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may ca… | |||
| CVE-2025-68347 | high | — | 8.0 | 9d ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write mor… | |||
| CVE-2025-68183 | high | — | 8.0 | 9d ago | In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA … | |||
| CVE-2025-11954 | high | 8.0 | 8.0 | 16d ago | Cross-Site request forgery (CSRF) vulnerability in Sitemio Information Technologies Trade Ltd. Co. WISECP allows Cross Site Request Forgery. This issue affects WISECP: through 20022026. NOTE: The ve… | |||
| CVE-2025-71116 | high | — | 8.0 | 17d ago | In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encod… | |||
| CVE-2025-68741 | high | — | 8.0 | 17d ago | Important: kernel security update | |||
| CVE-2025-43214 | high | — | 8.0 | 18d ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously … | |||
| CVE-2025-43511 | high | — | 8.0 | 18d ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watc… | |||
| CVE-2025-43213 | high | — | 8.0 | 18d ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously … | |||
| CVE-2025-43457 | high | — | 8.0 | 18d ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing malicious… | |||
| CVE-2025-55668 | high | — | 8.0 | 18d ago | Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Old… | |||
| CVE-2025-15284 | high | — | 8.0 | 18d ago | Important: linux-sgx security update | |||
| CVE-2025-15282 | high | — | 8.0 | 18d ago | Important: python3.12 security update | |||
| CVE-2025-46299 | high | — | 8.0 | 18d ago | A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Proc… | |||
| CVE-2025-13837 | high | — | 8.0 | 18d ago | Important: python3.12 security update | |||
| CVE-2025-46701 | high | — | 8.0 | 18d ago | Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to th… | |||