CVEs from 2025
Total
8,987
critical
critical 1,368
high
high 2,067
medium
medium 2,068
low
low 204
% Critical
15.2%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0608 | medium | 5.5 | 5.5 | 8mo ago | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Logo Software Inc. Logo Cloud allows Phishing, Forceful Browsing. This issue affects Logo Cloud: before 2025.R6. | |||
| CVE-2025-39761 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-38351 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-11279 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the argument Title res… | |||
| CVE-2025-11274 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation ca… | |||
| CVE-2025-39931 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg If an error causes af_alg_sendmsg to abort, ctx->merge may contain a g… | |||
| CVE-2025-39929 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path During tests of another unrelated patch I was able to trig… | |||
| CVE-2025-40928 | medium | — | 5.5 | 8mo ago | RHSA-2025:17163: perl-JSON-XS security update (Moderate) | |||
| CVE-2025-38527 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-38472 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-39698 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-38718 | medium | — | 5.5 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-11081 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack… | |||
| CVE-2025-11017 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impacted element is the function Ogre::LogManager::stream of the file /ogre/OgreMain/src/OgreLogManager.cpp. Performing manipulation of… | |||
| CVE-2025-11013 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was identified in BehaviorTree up to 4.7.0. This vulnerability affects the function XMLParser::PImpl::loadDocImpl of the file /src/xml_parsing.cpp of the component XML Parser. The man… | |||
| CVE-2025-11011 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/json_export.cpp. Performing manipulation of the argument Source r… | |||
| CVE-2025-11000 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was determined in Open Babel up to 3.1.1. This affects the function PQSFormat::ReadMolecule of the file /src/formats/PQSformat.cpp. This manipulation causes null pointer dereference. … | |||
| CVE-2025-10999 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was found in Open Babel up to 3.1.1. The impacted element is the function CacaoFormat::SetHilderbrandt of the file /src/formats/cacaoformat.cpp. The manipulation results in null point… | |||
| CVE-2025-10998 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability has been found in Open Babel up to 3.1.1. The affected element is the function ChemKinFormat::ReadReactionQualifierLines of the file /src/formats/chemkinformat.cpp. The manipulation l… | |||
| CVE-2025-10911 | medium | 5.5 | 5.5 | 8mo ago | A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash. | |||
| CVE-2025-38498 | medium | 5.5 | 5.5 | 9mo ago | Moderate: kernel security update | |||
| CVE-2025-39694 | medium | 5.5 | 5.5 | 9mo ago | Moderate: kernel security update | |||
| CVE-2025-37810 | medium | — | 5.5 | 9mo ago | Moderate: kernel security update | |||
| CVE-2025-39865 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: tee: fix NULL pointer dereference in tee_shm_put tee_shm_put have NULL pointer dereference: __optee_disable_shm_cache --> shm =… | |||
| CVE-2025-39857 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() BUG: kernel NULL pointer dereference, address: 000000000000… | |||
| CVE-2025-39848 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv() Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("ne… | |||
| CVE-2025-39847 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: ppp: fix memory leak in pad_compress_skb If alloc_skb() fails in pad_compress_skb(), it returns NULL without releasing the old sk… | |||
| CVE-2025-39846 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() In __iodyn_find_io_region(), pcmcia_make_resource() is assigne… | |||
| CVE-2025-39845 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() Define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel… | |||
| CVE-2025-39844 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot fail… | |||
| CVE-2025-39842 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: ocfs2: prevent release journal inode after journal shutdown Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has alrea… | |||
| CVE-2025-39838 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL pointer dereference in UTF16 conversion There can be a NULL pointer dereference bug here. NULL is passed to __… | |||
| CVE-2025-50080 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50087 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50082 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50088 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50102 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50086 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50093 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50084 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50099 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50098 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50083 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50096 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-58767 | medium | — | 5.5 | 9mo ago | RHSA-2025:23062: ruby:3.3 security update (Moderate) | |||
| CVE-2025-50079 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50085 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50094 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-53023 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-32990 | medium | — | 5.5 | 9mo ago | RHSA-2025:17415: gnutls security, bug fix, and enhancement update (Moderate) | |||
| CVE-2025-50077 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50081 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-21581 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50104 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50091 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50100 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-5399 | medium | — | 5.5 | 9mo ago | Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the applica… | |||
| CVE-2025-30699 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-21580 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30688 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-21588 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30722 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30721 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30703 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50078 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30684 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30695 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30689 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30693 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30681 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30682 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30685 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-21584 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50101 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-21574 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-21579 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-21585 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-21577 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-21575 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50092 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30696 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30705 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30687 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30715 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30683 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50097 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30704 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-39827 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: net: rose: include node references in rose_neigh refcount Current implementation maintains two separate reference counting mechan… | |||
| CVE-2025-39812 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: sctp: initialize more fields in sctp_v6_from_sk() syzbot found that sin6_scope_id was not properly initialized, leading to undefi… | |||
| CVE-2025-39808 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() in ntrig_report_version(), hdev parameter passed from h… | |||
| CVE-2025-10475 | medium | 5.5 | 5.5 | 9mo ago | A weakness has been identified in SpyShelter up to 15.4.0.1015. Affected is an unknown function in the library SpyShelter.sys of the component IOCTL Handler. This manipulation causes denial of servic… | |||
| CVE-2025-39801 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARN_ON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout w… | |||
| CVE-2025-39800 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() If we find an unexpected generation for the extent buff… | |||
| CVE-2025-38550 | medium | — | 5.5 | 9mo ago | Moderate: kernel security update | |||
| CVE-2025-39798 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be inherited when we cross into a new… | |||
| CVE-2025-39795 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: block: avoid possible overflow for chunk_sectors check in blk_stack_limits() In blk_stack_limits(), we check that the t->chunk_se… | |||
| CVE-2025-39794 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: ARM: tegra: Use I/O memcpy to write to IRAM Kasan crashes the kernel trying to check boundaries when using the normal memcpy. | |||
| CVE-2025-39787 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sani… | |||
| CVE-2025-39782 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: jbd2: prevent softlockup in jbd2_log_do_checkpoint() Both jbd2_log_do_checkpoint() and jbd2_journal_shrink_checkpoint_list() peri… | |||
| CVE-2025-39773 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix soft lockup in br_multicast_query_expired() When set multicast_query_interval to a large value, the local variab… |