CVEs from 2025
Total
8,891
critical
critical 1,341
high
high 2,023
medium
medium 2,003
low
low 202
% Critical
15.1%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-66471 | high | — | 8.0 | 6mo ago | Important: fence-agents security update | |||
| CVE-2025-65637 | high | — | 8.0 | 6mo ago | RHSA-2026:3428: container-tools:rhel8 security update (Important) | |||
| CVE-2025-10924 | high | — | 8.0 | 6mo ago | RHSA-2025:22417: gimp:2.8 security update (Important) | |||
| CVE-2025-10921 | high | — | 8.0 | 6mo ago | RHSA-2025:22417: gimp:2.8 security update (Important) | |||
| CVE-2025-10925 | high | — | 8.0 | 6mo ago | RHSA-2025:22417: gimp:2.8 security update (Important) | |||
| CVE-2025-10934 | high | — | 8.0 | 6mo ago | RHSA-2025:22417: gimp:2.8 security update (Important) | |||
| CVE-2025-10922 | high | — | 8.0 | 6mo ago | RHSA-2025:22417: gimp:2.8 security update (Important) | |||
| CVE-2025-10920 | high | — | 8.0 | 6mo ago | RHSA-2025:22417: gimp:2.8 security update (Important) | |||
| CVE-2025-10923 | high | — | 8.0 | 6mo ago | RHSA-2025:22417: gimp:2.8 security update (Important) | |||
| CVE-2025-11230 | high | — | 8.0 | 7mo ago | Important: haproxy security update | |||
| CVE-2025-13014 | high | — | 8.0 | 7mo ago | Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-13018 | high | — | 8.0 | 7mo ago | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-13015 | high | — | 8.0 | 7mo ago | Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30. | |||
| CVE-2025-13016 | high | — | 8.0 | 7mo ago | Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-13013 | high | — | 8.0 | 7mo ago | Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-13012 | high | — | 8.0 | 7mo ago | Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-13019 | high | — | 8.0 | 7mo ago | Same-origin policy bypass in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-13017 | high | — | 8.0 | 7mo ago | Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-13020 | high | — | 8.0 | 7mo ago | Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5. | |||
| CVE-2025-59089 | high | — | 8.0 | 7mo ago | RHSA-2025:21140: idm:DL1 security update (Important) | |||
| CVE-2025-59088 | high | — | 8.0 | 7mo ago | RHSA-2025:21140: idm:DL1 security update (Important) | |||
| CVE-2025-11561 | high | — | 8.0 | 7mo ago | RHSA-2025:19610: sssd security update (Important) | |||
| CVE-2025-62168 | high | — | 8.0 | 7mo ago | RHSA-2025:19107: squid:4 security update (Important) | |||
| CVE-2025-55247 | high | — | 8.0 | 7mo ago | RHSA-2025:18150: .NET 9.0 security update (Important) | |||
| CVE-2025-64519 | high | — | 8.0 | 7mo ago | TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter | |||
| CVE-2025-40778 | high | — | 8.0 | 7mo ago | Important: bind9.18 security update | |||
| CVE-2025-40780 | high | — | 8.0 | 7mo ago | Important: bind9.18 security update | |||
| CVE-2025-8677 | high | — | 8.0 | 7mo ago | Important: bind security update | |||
| CVE-2025-31133 | high | — | 8.0 | 7mo ago | RHSA-2025:21232: container-tools:rhel8 security update (Important) | |||
| CVE-2025-52565 | high | — | 8.0 | 7mo ago | RHSA-2025:21232: container-tools:rhel8 security update (Important) | |||
| CVE-2025-52881 | high | — | 8.0 | 7mo ago | RHSA-2025:23543: container-tools:rhel8 security update (Important) | |||
| CVE-2025-11021 | high | — | 8.0 | 7mo ago | RHSA-2025:19714: libsoup security update (Important) | |||
| CVE-2025-4945 | high | — | 8.0 | 7mo ago | RHSA-2025:19714: libsoup security update (Important) | |||
| CVE-2025-62229 | high | — | 8.0 | 7mo ago | Important: tigervnc security update | |||
| CVE-2025-62231 | high | — | 8.0 | 7mo ago | Important: tigervnc security update | |||
| CVE-2025-62230 | high | — | 8.0 | 7mo ago | Important: tigervnc security update | |||
| CVE-2025-6176 | high | — | 8.0 | 7mo ago | RHSA-2026:2389: brotli security update (Important) | |||
| CVE-2025-49844 | high | — | 8.0 | 7mo ago | RHSA-2025:19238: redis:6 security update (Important) | |||
| CVE-2025-46818 | high | — | 8.0 | 7mo ago | RHSA-2025:19238: redis:6 security update (Important) | |||
| CVE-2025-46817 | high | — | 8.0 | 7mo ago | RHSA-2025:19238: redis:6 security update (Important) | |||
| CVE-2025-46819 | high | — | 8.0 | 7mo ago | RHSA-2025:19238: redis:6 security update (Important) | |||
| CVE-2025-9900 | high | — | 8.0 | 7mo ago | RHSA-2025:19906: mingw-libtiff security update (Important) | |||
| CVE-2025-12235 | high | 8.0 | 8.0 | 7mo ago | A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow.… | |||
| CVE-2025-43343 | high | — | 8.0 | 8mo ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web con… | |||
| CVE-2025-11709 | high | — | 8.0 | 8mo ago | A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 11… | |||
| CVE-2025-11708 | high | — | 8.0 | 8mo ago | Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. | |||
| CVE-2025-43342 | high | — | 8.0 | 8mo ago | A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing … | |||
| CVE-2025-43419 | high | — | 8.0 | 8mo ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web con… | |||
| CVE-2025-43356 | high | — | 8.0 | 8mo ago | The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website… | |||
| CVE-2025-43272 | high | — | 8.0 | 8mo ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may … | |||
| CVE-2025-31223 | high | — | 8.0 | 8mo ago | The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted w… | |||
| CVE-2025-11714 | high | — | 8.0 | 8mo ago | Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume tha… | |||
| CVE-2025-11712 | high | — | 8.0 | 8mo ago | A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contribut… | |||
| CVE-2025-11711 | high | — | 8.0 | 8mo ago | There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunder… | |||
| CVE-2025-11710 | high | — | 8.0 | 8mo ago | A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability was fixed in Fire… | |||
| CVE-2025-11715 | high | — | 8.0 | 8mo ago | Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort… | |||
| CVE-2025-55248 | high | — | 8.0 | 8mo ago | RHSA-2025:18150: .NET 9.0 security update (Important) | |||
| CVE-2025-61919 | high | — | 8.0 | 8mo ago | RHSA-2025:19719: pcs security update (Important) | |||
| CVE-2025-61771 | high | — | 8.0 | 8mo ago | RHSA-2025:19719: pcs security update (Important) | |||
| CVE-2025-61770 | high | — | 8.0 | 8mo ago | RHSA-2025:19719: pcs security update (Important) | |||
| CVE-2025-61772 | high | — | 8.0 | 8mo ago | RHSA-2025:19719: pcs security update (Important) | |||
| CVE-2025-7493 | high | — | 8.0 | 8mo ago | RHSA-2025:17129: idm:DL1 security update (Important) | |||
| CVE-2025-59830 | high | — | 8.0 | 8mo ago | RHSA-2025:19719: pcs security update (Important) | |||
| CVE-2025-38001 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this rece… | |||
| CVE-2025-38000 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueu… | |||
| CVE-2025-10529 | high | — | 8.0 | 9mo ago | Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |||
| CVE-2025-10532 | high | — | 8.0 | 9mo ago | Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |||
| CVE-2025-10528 | high | — | 8.0 | 9mo ago | Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |||
| CVE-2025-10527 | high | — | 8.0 | 9mo ago | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |||
| CVE-2025-10536 | high | — | 8.0 | 9mo ago | Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |||
| CVE-2025-10537 | high | — | 8.0 | 9mo ago | Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort… | |||
| CVE-2025-10533 | high | — | 8.0 | 9mo ago | Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |||
| CVE-2025-4953 | high | — | 8.0 | 9mo ago | RHSA-2025:15904: container-tools:rhel8 security update (Important) | |||
| CVE-2025-38332 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-58060 | high | — | 8.0 | 9mo ago | RHSA-2025:15702: cups security update (Important) | |||
| CVE-2025-38449 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-38392 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-37803 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-8941 | high | — | 8.0 | 9mo ago | RHSA-2025:14557: pam security update (Important) | |||
| CVE-2025-37823 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-38461 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-38464 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-38211 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-38200 | high | — | 8.0 | 9mo ago | Important: kernel security update | |||
| CVE-2025-8067 | high | — | 8.0 | 9mo ago | RHSA-2025:15017: udisks2 security update (Important) | |||
| CVE-2025-8715 | high | — | 8.0 | 9mo ago | RHSA-2025:15115: postgresql:12 security update (Important) | |||
| CVE-2025-8714 | high | — | 8.0 | 9mo ago | RHSA-2025:15115: postgresql:12 security update (Important) | |||
| CVE-2025-8713 | high | — | 8.0 | 9mo ago | PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy inten… | |||
| CVE-2025-4207 | high | — | 8.0 | 9mo ago | RHSA-2025:15022: postgresql:15 security update (Important) | |||
| CVE-2025-38417 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-54389 | high | — | 8.0 | 10mo ago | RHSA-2025:14573: aide security update (Important) | |||
| CVE-2025-37914 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-22058 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-9182 | high | — | 8.0 | 10mo ago | Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2. | |||
| CVE-2025-9185 | high | — | 8.0 | 10mo ago | Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evid… | |||
| CVE-2025-9181 | high | — | 8.0 | 10mo ago | Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2. | |||
| CVE-2025-9180 | high | — | 8.0 | 10mo ago | Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128… | |||
| CVE-2025-9179 | high | — | 8.0 | 10mo ago | An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the con… | |||
| CVE-2025-52520 | high | — | 8.0 | 10mo ago | For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0… | |||
| CVE-2025-49125 | high | — | 8.0 | 10mo ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possib… |