VIR Vulnerability Intelligence Relay

CVEs from 2025

9,420 normalized CVEs published or assigned in this year.

Total
9,420
critical
critical 1,301
high
high 1,898
medium
medium 1,910
low
low 193
% Critical
13.8%
% with KEV
1.9%
% with exploit
2.0%

Top vendors

Top products

  • i-educar 80
  • office_long_term_servicing_channel 35
  • office 34
  • best_salon_management_system 33
  • apartment_management_system 30
  • inventory_management_system 28
  • gcp 24
  • online_learning_management_system 21

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2025-54236 critical 9.1 10.0 9mo ago Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API. phpadobe
CVE-2025-49113 critical 10.0 1y ago Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.ph… archdebianphp
CVE-2025-24813 medium 7.0 1y ago Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT redhatrockylinuxsusedebian+1
CVE-2025-68461 unknown 1.5 3mo ago Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document. debian
CVE-2025-58360 unknown 1.5 6mo ago GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature java
CVE-2025-24893 unknown 1.5 1y ago XWiki Platform allows remote code execution as guest via SolrSearchMacros request java