CVEs from 2025
Total
8,894
critical
critical 1,342
high
high 2,024
medium
medium 2,004
low
low 202
% Critical
15.1%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-37819 | medium | — | 5.5 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-37789 | medium | — | 5.5 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-38403 | medium | — | 5.5 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-38459 | medium | — | 5.5 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-38024 | medium | — | 5.5 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-38415 | medium | — | 5.5 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-38022 | medium | — | 5.5 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-15564 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod<...>::operator of the file src/value.cpp. The manipulation leads to divide by zero. T… | |||
| CVE-2025-14104 | medium | — | 5.5 | 4mo ago | Moderate: util-linux security update | |||
| CVE-2025-38568 | medium | — | 5.5 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-40251 | medium | 5.5 | 5.5 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-40154 | medium | — | 5.5 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-71191 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_hdmac: fix device leak on of_dma_xlate() Make sure to drop the reference taken when looking up the DMA platform dev… | |||
| CVE-2025-71190 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: bcm-sba-raid: fix device leak on probe Make sure to drop the reference taken when looking up the mailbox device during… | |||
| CVE-2025-71189 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw: dmamux: fix OF node leak on route allocation failure Make sure to drop the reference taken to the DMA master OF no… | |||
| CVE-2025-71188 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: lpc18xx-dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux … | |||
| CVE-2025-71186 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux p… | |||
| CVE-2025-71185 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation Make sure to drop the reference taken when looking up the… | |||
| CVE-2025-54349 | medium | — | 5.5 | 4mo ago | RHSA-2026:1592: iperf3 security update (Moderate) | |||
| CVE-2025-14177 | medium | — | 5.5 | 4mo ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-12084 | medium | — | 5.5 | 4mo ago | Moderate: python3.12 security update | |||
| CVE-2025-14178 | medium | — | 5.5 | 4mo ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-71161 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction There are two problems with the recursive correction: 1. It may cause deni… | |||
| CVE-2025-67726 | medium | — | 5.5 | 5mo ago | RHSA-2026:0930: pcs security update (Moderate) | |||
| CVE-2025-67725 | medium | — | 5.5 | 5mo ago | RHSA-2026:0930: pcs security update (Moderate) | |||
| CVE-2025-15537 | medium | 5.5 | 5.5 | 5mo ago | A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to… | |||
| CVE-2025-15536 | medium | 5.5 | 5.5 | 5mo ago | A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes he… | |||
| CVE-2025-46397 | medium | — | 5.5 | 5mo ago | RHSA-2026:0756: transfig security update (Moderate) | |||
| CVE-2025-13454 | medium | 5.5 | 5.5 | 5mo ago | A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information. | |||
| CVE-2025-14242 | medium | — | 5.5 | 5mo ago | RHSA-2026:0608: vsftpd security update (Moderate) | |||
| CVE-2025-68823 | medium | 5.5 | 5.5 | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: ublk: fix deadlock when reading partition table When one process(such as udev) opens ublk block device (e.g., to read the partiti… | |||
| CVE-2025-12817 | medium | — | 5.5 | 5mo ago | Moderate: postgresql:15 security update | |||
| CVE-2025-39883 | medium | — | 5.5 | 5mo ago | Moderate: kernel security update | |||
| CVE-2025-39840 | medium | — | 5.5 | 5mo ago | Moderate: kernel security update | |||
| CVE-2025-12818 | medium | — | 5.5 | 5mo ago | Moderate: postgresql:15 security update | |||
| CVE-2025-40240 | medium | — | 5.5 | 5mo ago | Moderate: kernel security update | |||
| CVE-2025-15504 | medium | 5.5 | 5.5 | 5mo ago | LIEF is vulnerable to segmentation fault | |||
| CVE-2025-61915 | medium | — | 5.5 | 5mo ago | RHSA-2026:0596: cups security update (Moderate) | |||
| CVE-2025-58436 | medium | — | 5.5 | 5mo ago | RHSA-2026:0596: cups security update (Moderate) | |||
| CVE-2025-32365 | medium | — | 5.5 | 5mo ago | Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. | |||
| CVE-2025-45582 | medium | — | 5.5 | 5mo ago | Moderate: tar security update | |||
| CVE-2025-15419 | medium | 5.5 | 5.5 | 5mo ago | A weakness has been identified in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c of the component GTPv2-C Flow … | |||
| CVE-2025-15418 | medium | 5.5 | 5.5 | 5mo ago | A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE L… | |||
| CVE-2025-15417 | medium | 5.5 | 5.5 | 5mo ago | A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such… | |||
| CVE-2025-14957 | medium | 5.5 | 5.5 | 6mo ago | A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builde… | |||
| CVE-2025-5987 | medium | — | 5.5 | 6mo ago | Moderate: libssh security update | |||
| CVE-2025-6491 | medium | — | 5.5 | 6mo ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-8291 | medium | — | 5.5 | 6mo ago | The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD re… | |||
| CVE-2025-1220 | medium | — | 5.5 | 6mo ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-1735 | medium | — | 5.5 | 6mo ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-61984 | medium | — | 5.5 | 6mo ago | ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrus… | |||
| CVE-2025-38499 | medium | 5.5 | 5.5 | 6mo ago | Important: kernel security update | |||
| CVE-2025-61985 | medium | — | 5.5 | 6mo ago | ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. | |||
| CVE-2025-53062 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53040 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53054 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53053 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53044 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53045 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53069 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53042 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-39925 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-39979 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-48600 | medium | 5.5 | 5.5 | 6mo ago | In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privilege… | |||
| CVE-2025-11222 | medium | — | 5.5 | 6mo ago | Central Dogma's Login Function Has an Open Redirect Vulnerability | |||
| CVE-2025-14010 | medium | 5.5 | 5.5 | 6mo ago | Ansible Community General Collection is vulnerable to exposure of sensitive information | |||
| CVE-2025-40186 | medium | — | 5.5 | 6mo ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). syzbot reported the splat below in tcp_conn_request(). [0] If a l… | |||
| CVE-2025-9714 | medium | 5.5 | 5.5 | 6mo ago | RHSA-2026:11349: libxml2 security update (Moderate) | |||
| CVE-2025-40058 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-40185 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-39981 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-39955 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-39898 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-39918 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-39843 | medium | 5.5 | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-58183 | medium | — | 5.5 | 7mo ago | Moderate: image-builder security update | |||
| CVE-2025-39983 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not properly locking hdev when proces… | |||
| CVE-2025-39881 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: kernfs: Fix UAF in polling when open file is released A use-after-free (UAF) vulnerability was identified in the PSI (Pressure St… | |||
| CVE-2025-40047 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait… | |||
| CVE-2025-39973 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: i40e: add validation for ring_len param The `ring_len` parameter provided by the virtual function (VF) is assigned directly to th… | |||
| CVE-2025-39971 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx… | |||
| CVE-2025-39982 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_acl_create_conn_sync where a connec… | |||
| CVE-2025-13199 | medium | 5.5 | 5.5 | 7mo ago | A vulnerability was found in code-projects Email Logging Interface 2.0. Affected is an unknown function of the file signup.cpp. The manipulation of the argument Username results in path traversal: '.… | |||
| CVE-2025-13120 | medium | 5.5 | 5.5 | 7mo ago | A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approache… | |||
| CVE-2025-38127 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: ice: fix Tx scheduler error handling in XDP callback When the XDP program is loaded, the XDP callback adds new Tx queues. This me… | |||
| CVE-2025-21787 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21851 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21729 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38075 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may expire on a deleted connection and crash with suc… | |||
| CVE-2025-21786 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-22089 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Don't expose hw_counters outside of init net namespace Commit 467f432a521a ("RDMA/core: Split port and device counter … | |||
| CVE-2025-21837 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-37849 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we… | |||
| CVE-2025-21828 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-22086 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow When cur_qp isn't NULL, in order to avoid fetching the QP from the radix tree a… | |||
| CVE-2025-21791 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-37994 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21861 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21790 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21829 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update |