CVEs from 2025
- Total 8,945
- critical 1,360
- high 2,043
- medium 2,031
- low 202
- % Critical 15.2%
- % with KEV 2.0%
- % with exploit 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-43432 | high | — | 8.0 | 6mo ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processin… | |||
| CVE-2025-43431 | high | — | 8.0 | 6mo ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS … | |||
| CVE-2025-43430 | high | — | 8.0 | 6mo ago | This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciou… | |||
| CVE-2025-43427 | high | — | 8.0 | 6mo ago | This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted we… | |||
| CVE-2025-43429 | high | — | 8.0 | 6mo ago | A buffer overflow was addressed with improved bounds checking. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, … | |||
| CVE-2025-43425 | high | — | 8.0 | 6mo ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously c… | |||
| CVE-2025-43392 | high | — | 8.0 | 6mo ago | The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watch… | |||
| CVE-2025-43438 | high | — | 8.0 | 6mo ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watc… | |||
| CVE-2025-13502 | high | — | 8.0 | 6mo ago | A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspec… | |||
| CVE-2025-66287 | high | — | 8.0 | 6mo ago | A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling. | |||
| CVE-2025-13947 | high | — | 8.0 | 6mo ago | A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechani… | |||
| CVE-2025-43440 | high | — | 8.0 | 6mo ago | This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted w… | |||
| CVE-2025-66471 | high | — | 8.0 | 6mo ago | Important: fence-agents security update | |||
| CVE-2025-65637 | high | — | 8.0 | 6mo ago | RHSA-2026:3428: container-tools:rhel8 security update (Important) | |||
| CVE-2025-10920 | high | — | 8.0 | 6mo ago | RHSA-2025:22417: gimp:2.8 security update (Important) | |||
| CVE-2025-10921 | high | — | 8.0 | 6mo ago | RHSA-2025:22417: gimp:2.8 security update (Important) | |||
| CVE-2025-10924 | high | — | 8.0 | 6mo ago | RHSA-2025:22417: gimp:2.8 security update (Important) | |||
| CVE-2025-10922 | high | — | 8.0 | 6mo ago | RHSA-2025:22417: gimp:2.8 security update (Important) | |||
| CVE-2025-10925 | high | — | 8.0 | 6mo ago | RHSA-2025:22417: gimp:2.8 security update (Important) | |||
| CVE-2025-10934 | high | — | 8.0 | 6mo ago | RHSA-2025:22417: gimp:2.8 security update (Important) | |||
| CVE-2025-10923 | high | — | 8.0 | 6mo ago | RHSA-2025:22417: gimp:2.8 security update (Important) | |||
| CVE-2025-11230 | high | — | 8.0 | 7mo ago | Important: haproxy security update | |||
| CVE-2025-13018 | high | — | 8.0 | 7mo ago | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-13016 | high | — | 8.0 | 7mo ago | Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-13017 | high | — | 8.0 | 7mo ago | Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-13014 | high | — | 8.0 | 7mo ago | Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-13013 | high | — | 8.0 | 7mo ago | Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-13012 | high | — | 8.0 | 7mo ago | Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-13020 | high | — | 8.0 | 7mo ago | Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-13015 | high | — | 8.0 | 7mo ago | Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30. | |||
| CVE-2025-13019 | high | — | 8.0 | 7mo ago | Same-origin policy bypass in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-59088 | high | — | 8.0 | 7mo ago | RHSA-2025:21140: idm:DL1 security update (Important) | |||
| CVE-2025-59089 | high | — | 8.0 | 7mo ago | RHSA-2025:21140: idm:DL1 security update (Important) | |||
| CVE-2025-11561 | high | — | 8.0 | 7mo ago | RHSA-2025:19610: sssd security update (Important) | |||
| CVE-2025-62168 | high | — | 8.0 | 7mo ago | RHSA-2025:19107: squid:4 security update (Important) | |||
| CVE-2025-55247 | high | — | 8.0 | 7mo ago | RHSA-2025:18150: .NET 9.0 security update (Important) | |||
| CVE-2025-64519 | high | — | 8.0 | 7mo ago | TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter | |||
| CVE-2025-40778 | high | — | 8.0 | 7mo ago | Important: bind9.18 security update | |||
| CVE-2025-40780 | high | — | 8.0 | 7mo ago | Important: bind9.18 security update | |||
| CVE-2025-8677 | high | — | 8.0 | 7mo ago | Important: bind security update | |||
| CVE-2025-52881 | high | — | 8.0 | 7mo ago | RHSA-2025:23543: container-tools:rhel8 security update (Important) | |||
| CVE-2025-52565 | high | — | 8.0 | 7mo ago | RHSA-2025:21232: container-tools:rhel8 security update (Important) | |||
| CVE-2025-31133 | high | — | 8.0 | 7mo ago | RHSA-2025:21232: container-tools:rhel8 security update (Important) | |||
| CVE-2025-11021 | high | — | 8.0 | 7mo ago | RHSA-2025:19714: libsoup security update (Important) | |||
| CVE-2025-4945 | high | — | 8.0 | 7mo ago | RHSA-2025:19714: libsoup security update (Important) | |||
| CVE-2025-62231 | high | — | 8.0 | 7mo ago | Important: tigervnc security update | |||
| CVE-2025-62229 | high | — | 8.0 | 7mo ago | Important: tigervnc security update | |||
| CVE-2025-62230 | high | — | 8.0 | 7mo ago | Important: tigervnc security update | |||
| CVE-2025-6176 | high | — | 8.0 | 7mo ago | RHSA-2026:2389: brotli security update (Important) | |||
| CVE-2025-46818 | high | — | 8.0 | 7mo ago | RHSA-2025:19238: redis:6 security update (Important) | |||
| CVE-2025-49844 | high | — | 8.0 | 7mo ago | RHSA-2025:19238: redis:6 security update (Important) | |||
| CVE-2025-46819 | high | — | 8.0 | 7mo ago | RHSA-2025:19238: redis:6 security update (Important) | |||
| CVE-2025-46817 | high | — | 8.0 | 7mo ago | RHSA-2025:19238: redis:6 security update (Important) | |||
| CVE-2025-9900 | high | — | 8.0 | 7mo ago | RHSA-2025:19906: mingw-libtiff security update (Important) | |||
| CVE-2025-12235 | high | 8.0 | 8.0 | 7mo ago | A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow.… | |||
| CVE-2025-43419 | high | — | 8.0 | 8mo ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web con… | |||
| CVE-2025-11709 | high | — | 8.0 | 8mo ago | A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 11… | |||
| CVE-2025-11711 | high | — | 8.0 | 8mo ago | There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunder… | |||
| CVE-2025-11712 | high | — | 8.0 | 8mo ago | A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contribut… | |||
| CVE-2025-43272 | high | — | 8.0 | 8mo ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may … | |||
| CVE-2025-43343 | high | — | 8.0 | 8mo ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web con… | |||
| CVE-2025-43342 | high | — | 8.0 | 8mo ago | A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing … | |||
| CVE-2025-43356 | high | — | 8.0 | 8mo ago | The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website… | |||
| CVE-2025-11710 | high | — | 8.0 | 8mo ago | A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability was fixed in Fire… | |||
| CVE-2025-11708 | high | — | 8.0 | 8mo ago | Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. | |||
| CVE-2025-55248 | high | — | 8.0 | 8mo ago | RHSA-2025:18150: .NET 9.0 security update (Important) | |||
| CVE-2025-11715 | high | — | 8.0 | 8mo ago | Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort… | |||
| CVE-2025-11714 | high | — | 8.0 | 8mo ago | Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume tha… | |||
| CVE-2025-31223 | high | — | 8.0 | 8mo ago | The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted w… | |||
| CVE-2025-61919 | high | — | 8.0 | 8mo ago | RHSA-2025:19719: pcs security update (Important) | |||
| CVE-2025-61771 | high | — | 8.0 | 8mo ago | RHSA-2025:19719: pcs security update (Important) | |||
| CVE-2025-61770 | high | — | 8.0 | 8mo ago | RHSA-2025:19719: pcs security update (Important) | |||
| CVE-2025-61772 | high | — | 8.0 | 8mo ago | RHSA-2025:19719: pcs security update (Important) | |||
| CVE-2025-7493 | high | — | 8.0 | 8mo ago | RHSA-2025:17129: idm:DL1 security update (Important) | |||
| CVE-2025-59830 | high | — | 8.0 | 8mo ago | RHSA-2025:19719: pcs security update (Important) | |||
| CVE-2025-38001 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this rece… | |||
| CVE-2025-38000 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueu… | |||
| CVE-2025-10536 | high | — | 8.0 | 9mo ago | Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |||
| CVE-2025-10537 | high | — | 8.0 | 9mo ago | Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort… | |||
| CVE-2025-10529 | high | — | 8.0 | 9mo ago | Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |||
| CVE-2025-10533 | high | — | 8.0 | 9mo ago | Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |||
| CVE-2025-10527 | high | — | 8.0 | 9mo ago | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |||
| CVE-2025-10528 | high | — | 8.0 | 9mo ago | Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |||
| CVE-2025-10532 | high | — | 8.0 | 9mo ago | Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |||
| CVE-2025-4953 | high | — | 8.0 | 9mo ago | RHSA-2025:15904: container-tools:rhel8 security update (Important) | |||
| CVE-2025-58060 | high | — | 8.0 | 9mo ago | RHSA-2025:15702: cups security update (Important) | |||
| CVE-2025-38332 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-38449 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-38392 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-37803 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-8941 | high | — | 8.0 | 9mo ago | RHSA-2025:14557: pam security update (Important) | |||
| CVE-2025-37823 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-38464 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-8067 | high | — | 8.0 | 9mo ago | RHSA-2025:15017: udisks2 security update (Important) | |||
| CVE-2025-38200 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-38211 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-38461 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-8713 | high | — | 8.0 | 9mo ago | PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy inten… | |||
| CVE-2025-4207 | high | — | 8.0 | 9mo ago | RHSA-2025:15022: postgresql:15 security update (Important) | |||
| CVE-2025-8715 | high | — | 8.0 | 9mo ago | RHSA-2025:15115: postgresql:12 security update (Important) |