CVEs from 2025
Total
8,987
critical
critical 1,368
high
high 2,067
medium
medium 2,068
low
low 204
% Critical
15.2%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-39898 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-40186 | medium | — | 5.5 | 6mo ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). syzbot reported the splat below in tcp_conn_request(). [0] If a l… | |||
| CVE-2025-39955 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-39918 | medium | — | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-39843 | medium | 5.5 | 5.5 | 6mo ago | Moderate: kernel security update | |||
| CVE-2025-58183 | medium | — | 5.5 | 7mo ago | Moderate: image-builder security update | |||
| CVE-2025-39973 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: i40e: add validation for ring_len param The `ring_len` parameter provided by the virtual function (VF) is assigned directly to th… | |||
| CVE-2025-39971 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx… | |||
| CVE-2025-39982 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_acl_create_conn_sync where a connec… | |||
| CVE-2025-40047 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait… | |||
| CVE-2025-39983 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not properly locking hdev when proces… | |||
| CVE-2025-39881 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: kernfs: Fix UAF in polling when open file is released A use-after-free (UAF) vulnerability was identified in the PSI (Pressure St… | |||
| CVE-2025-13199 | medium | 5.5 | 5.5 | 7mo ago | A vulnerability was found in code-projects Email Logging Interface 2.0. Affected is an unknown function of the file signup.cpp. The manipulation of the argument Username results in path traversal: '.… | |||
| CVE-2025-13120 | medium | 5.5 | 5.5 | 7mo ago | A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approache… | |||
| CVE-2025-22056 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38396 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21795 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21846 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21826 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21648 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-22116 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: idpf: check error for register_netdev() on init Current init logic ignores the error code from register_netdev(), which will caus… | |||
| CVE-2025-22092 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: PCI: Fix NULL dereference in SR-IOV VF creation error path Clean up when virtfn setup fails to prevent NULL pointer dereference d… | |||
| CVE-2025-23129 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path If a shared IRQ is used by the driver due t… | |||
| CVE-2025-37849 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we… | |||
| CVE-2025-22086 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow When cur_qp isn't NULL, in order to avoid fetching the QP from the radix tree a… | |||
| CVE-2025-37994 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38116 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21765 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21844 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38013 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Make sure that n_channels is set after allocating th… | |||
| CVE-2025-21861 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38234 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task Overview ======== When a CPU chooses to call push_rt_task and picks a task to push to another … | |||
| CVE-2025-22119 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails syzbort reported a uninitialize wiphy_work_lock in cfg80211_dev_fr… | |||
| CVE-2025-22089 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Don't expose hw_counters outside of init net namespace Commit 467f432a521a ("RDMA/core: Split port and device counter … | |||
| CVE-2025-21902 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a ->poll_cci method For the ACPI backend of UCSI the UCSI "registers" are just a memory copy of the … | |||
| CVE-2025-21806 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-37825 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix out-of-bounds access in nvmet_enable_port When trying to enable a port that has no transport configured yet, nvmet_ena… | |||
| CVE-2025-21848 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21864 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38288 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels Correct kernel call trace when calling smp_processor_id… | |||
| CVE-2025-38322 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oop… | |||
| CVE-2025-22247 | medium | — | 5.5 | 7mo ago | RHBA-2026:0860: open-vm-tools bug fix and enhancement update (Moderate) | |||
| CVE-2025-21847 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21839 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21745 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38075 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may expire on a deleted connection and crash with suc… | |||
| CVE-2025-21691 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21728 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21853 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21851 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21837 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21791 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21829 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21855 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21786 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21714 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21787 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21693 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21696 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21828 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21738 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21631 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21671 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21672 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21729 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38438 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. sof_pdata->tplg_filename can have address allocated by kstrdup() and … | |||
| CVE-2025-21790 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21746 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38127 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: ice: fix Tx scheduler error handling in XDP callback When the XDP program is loaded, the XDP callback adds new Tx queues. This me… | |||
| CVE-2025-22111 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to dev_ioctl() first and later forwarded to br_ioct… | |||
| CVE-2025-40300 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-48086 | medium | 5.5 | 5.5 | 7mo ago | Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through <= 4.13.3. | |||
| CVE-2025-27144 | medium | — | 5.5 | 7mo ago | Moderate: buildah security update | |||
| CVE-2025-12207 | medium | 5.5 | 5.5 | 7mo ago | A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer derefere… | |||
| CVE-2025-12206 | medium | 5.5 | 5.5 | 7mo ago | A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be la… | |||
| CVE-2025-39751 | medium | — | 5.5 | 7mo ago | RHSA-2025:18298: kernel-rt security update (Moderate) | |||
| CVE-2025-22122 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: block: fix adding folio to bio >4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage is supported, then 'offset' o… | |||
| CVE-2025-39718 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the virtqueue bu… | |||
| CVE-2025-22045 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs On the following path, flush_tlb_range() can be used for zapping … | |||
| CVE-2025-39819 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: fs/smb: Fix inconsistent refcnt update A possible inconsistent update of refcount was identified in `smb2_compound_op`. Such inco… | |||
| CVE-2025-39730 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can… | |||
| CVE-2025-40005 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Implement refcount to handle unbind during busy driver support indirect read and indirect write operation w… | |||
| CVE-2025-8884 | medium | 5.5 | 5.5 | 8mo ago | Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co. ACE Center allows Privilege Abuse, Exploitation of Trusted Identifiers. This issue affects ACE Cent… | |||
| CVE-2025-38566 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-38571 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-22026 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-11840 | medium | 5.5 | 5.5 | 8mo ago | A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be … | |||
| CVE-2025-11839 | medium | 5.5 | 5.5 | 8mo ago | A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be… | |||
| CVE-2025-5318 | medium | — | 5.5 | 8mo ago | RHSA-2025:18286: libssh security update (Moderate) | |||
| CVE-2025-53906 | medium | — | 5.5 | 8mo ago | Moderate: vim security update | |||
| CVE-2025-53905 | medium | — | 5.5 | 8mo ago | Moderate: vim security update | |||
| CVE-2025-38614 | medium | 5.5 | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-38556 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-11495 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap… | |||
| CVE-2025-11494 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds… | |||
| CVE-2025-48964 | medium | — | 5.5 | 8mo ago | Moderate: iputils security update | |||
| CVE-2025-11414 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out… | |||
| CVE-2025-11413 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read.… | |||
| CVE-2025-11412 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds rea… | |||
| CVE-2025-61594 | medium | — | 5.5 | 8mo ago | URI Credential Leakage Bypass over CVE-2025-27221 |