CVEs from 2025
Total
8,945
critical
critical 1,360
high
high 2,043
medium
medium 2,031
low
low 202
% Critical
15.2%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-13120 | medium | 5.5 | 5.5 | 7mo ago | A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approache… | |||
| CVE-2025-37825 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix out-of-bounds access in nvmet_enable_port When trying to enable a port that has no transport configured yet, nvmet_ena… | |||
| CVE-2025-21861 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38127 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: ice: fix Tx scheduler error handling in XDP callback When the XDP program is loaded, the XDP callback adds new Tx queues. This me… | |||
| CVE-2025-21648 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21847 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-22116 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: idpf: check error for register_netdev() on init Current init logic ignores the error code from register_netdev(), which will caus… | |||
| CVE-2025-21791 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21787 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21790 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38234 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task Overview ======== When a CPU chooses to call push_rt_task and picks a task to push to another … | |||
| CVE-2025-23129 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path If a shared IRQ is used by the driver due t… | |||
| CVE-2025-22119 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails syzbort reported a uninitialize wiphy_work_lock in cfg80211_dev_fr… | |||
| CVE-2025-38396 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38116 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-22056 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21837 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21839 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38075 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may expire on a deleted connection and crash with suc… | |||
| CVE-2025-21902 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a ->poll_cci method For the ACPI backend of UCSI the UCSI "registers" are just a memory copy of the … | |||
| CVE-2025-38322 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oop… | |||
| CVE-2025-21851 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21829 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21828 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21864 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-22092 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: PCI: Fix NULL dereference in SR-IOV VF creation error path Clean up when virtfn setup fails to prevent NULL pointer dereference d… | |||
| CVE-2025-21728 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21745 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-22247 | medium | — | 5.5 | 7mo ago | RHBA-2026:0860: open-vm-tools bug fix and enhancement update (Moderate) | |||
| CVE-2025-21631 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-22086 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow When cur_qp isn't NULL, in order to avoid fetching the QP from the radix tree a… | |||
| CVE-2025-37849 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we… | |||
| CVE-2025-21671 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21672 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21848 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21691 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21693 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21696 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21714 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21729 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21746 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21786 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21765 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21853 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21855 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-22089 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Don't expose hw_counters outside of init net namespace Commit 467f432a521a ("RDMA/core: Split port and device counter … | |||
| CVE-2025-37994 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-22111 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to dev_ioctl() first and later forwarded to br_ioct… | |||
| CVE-2025-21795 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38438 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. sof_pdata->tplg_filename can have address allocated by kstrdup() and … | |||
| CVE-2025-38288 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels Correct kernel call trace when calling smp_processor_id… | |||
| CVE-2025-21846 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21738 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21844 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-21806 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38013 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Make sure that n_channels is set after allocating th… | |||
| CVE-2025-21826 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-40300 | medium | 5.5 | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-48086 | medium | 5.5 | 5.5 | 7mo ago | Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through <= 4.13.3. | |||
| CVE-2025-27144 | medium | — | 5.5 | 7mo ago | Moderate: buildah security update | |||
| CVE-2025-12207 | medium | 5.5 | 5.5 | 7mo ago | A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer derefere… | |||
| CVE-2025-12206 | medium | 5.5 | 5.5 | 7mo ago | A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be la… | |||
| CVE-2025-39751 | medium | — | 5.5 | 7mo ago | RHSA-2025:18298: kernel-rt security update (Moderate) | |||
| CVE-2025-39819 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: fs/smb: Fix inconsistent refcnt update A possible inconsistent update of refcount was identified in `smb2_compound_op`. Such inco… | |||
| CVE-2025-39718 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the virtqueue bu… | |||
| CVE-2025-22045 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs On the following path, flush_tlb_range() can be used for zapping … | |||
| CVE-2025-39730 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can… | |||
| CVE-2025-22122 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: block: fix adding folio to bio >4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage is supported, then 'offset' o… | |||
| CVE-2025-40005 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Implement refcount to handle unbind during busy driver support indirect read and indirect write operation w… | |||
| CVE-2025-8884 | medium | 5.5 | 5.5 | 8mo ago | Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co. ACE Center allows Privilege Abuse, Exploitation of Trusted Identifiers. This issue affects ACE Cent… | |||
| CVE-2025-38571 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-22026 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-38566 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-11840 | medium | 5.5 | 5.5 | 8mo ago | A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be … | |||
| CVE-2025-11839 | medium | 5.5 | 5.5 | 8mo ago | A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be… | |||
| CVE-2025-5318 | medium | — | 5.5 | 8mo ago | RHSA-2025:18286: libssh security update (Moderate) | |||
| CVE-2025-53906 | medium | — | 5.5 | 8mo ago | Moderate: vim security update | |||
| CVE-2025-53905 | medium | — | 5.5 | 8mo ago | Moderate: vim security update | |||
| CVE-2025-38614 | medium | 5.5 | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-38556 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-11495 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap… | |||
| CVE-2025-11494 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds… | |||
| CVE-2025-48964 | medium | — | 5.5 | 8mo ago | Moderate: iputils security update | |||
| CVE-2025-11414 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out… | |||
| CVE-2025-11413 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read.… | |||
| CVE-2025-11412 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds rea… | |||
| CVE-2025-61594 | medium | — | 5.5 | 8mo ago | URI Credential Leakage Bypass over CVE-2025-27221 | |||
| CVE-2025-38351 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-39761 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-11279 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the argument Title res… | |||
| CVE-2025-11274 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation ca… | |||
| CVE-2025-39931 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg If an error causes af_alg_sendmsg to abort, ctx->merge may contain a g… | |||
| CVE-2025-39929 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path During tests of another unrelated patch I was able to trig… | |||
| CVE-2025-40928 | medium | — | 5.5 | 8mo ago | RHSA-2025:17163: perl-JSON-XS security update (Moderate) | |||
| CVE-2025-38527 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-38472 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-38718 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-39698 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-11081 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack… | |||
| CVE-2025-11017 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impacted element is the function Ogre::LogManager::stream of the file /ogre/OgreMain/src/OgreLogManager.cpp. Performing manipulation of… |