CVEs from 2025
Total
9,150
critical
critical 1,302
high
high 1,903
medium
medium 1,917
low
low 193
% Critical
14.2%
% with KEV
2.0%
% with exploit
2.2%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-27151 | high | — | 8.0 | 10mo ago | Important: redis:7 security update | |||
| CVE-2025-6965 | high | — | 8.0 | 10mo ago | Important: sqlite security update | |||
| CVE-2025-8027 | high | — | 8.0 | 10mo ago | Important: thunderbird security update | |||
| CVE-2025-8031 | high | — | 8.0 | 10mo ago | Important: thunderbird security update | |||
| CVE-2025-8030 | high | — | 8.0 | 10mo ago | Important: thunderbird security update | |||
| CVE-2025-8034 | high | — | 8.0 | 10mo ago | Important: thunderbird security update | |||
| CVE-2025-8033 | high | — | 8.0 | 10mo ago | Important: thunderbird security update | |||
| CVE-2025-8029 | high | — | 8.0 | 10mo ago | Important: firefox security update | |||
| CVE-2025-8032 | high | — | 8.0 | 10mo ago | Important: thunderbird security update | |||
| CVE-2025-8028 | high | — | 8.0 | 10mo ago | Important: thunderbird security update | |||
| CVE-2025-8035 | high | — | 8.0 | 10mo ago | Important: thunderbird security update | |||
| CVE-2025-27614 | high | — | 8.0 | 10mo ago | Important: git security update | |||
| CVE-2025-32023 | high | — | 8.0 | 10mo ago | Important: redis:7 security update | |||
| CVE-2025-27613 | high | — | 8.0 | 10mo ago | Important: git security update | |||
| CVE-2025-48367 | high | — | 8.0 | 10mo ago | Important: redis:7 security update | |||
| CVE-2025-46835 | high | — | 8.0 | 10mo ago | Important: git security update | |||
| CVE-2025-48385 | high | — | 8.0 | 10mo ago | Important: git security update | |||
| CVE-2025-38089 | high | — | 8.0 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the cli… | |||
| CVE-2025-38425 | high | — | 8.0 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: check msg length in SMBUS block read For SMBUS block read, do not continue to read if the message length passed from … | |||
| CVE-2025-30749 | high | — | 8.0 | 11mo ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2025-50106 | high | — | 8.0 | 11mo ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2025-30754 | high | — | 8.0 | 11mo ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2025-30761 | high | — | 8.0 | 11mo ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2025-31650 | high | — | 8.0 | 11mo ago | Apache Tomcat Denial of Service via invalid HTTP priority header | |||
| CVE-2025-50059 | high | — | 8.0 | 11mo ago | Important: java-21-openjdk security update | |||
| CVE-2025-30402 | high | — | 8.0 | 11mo ago | ExecuTorch vulnerable to Heap-based Buffer Overflow attack | |||
| CVE-2025-6032 | high | — | 8.0 | 11mo ago | A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack. | |||
| CVE-2025-37799 | high | — | 8.0 | 11mo ago | Important: kernel security update | |||
| CVE-2025-22004 | high | — | 8.0 | 11mo ago | Important: kernel security update | |||
| CVE-2025-21887 | high | — | 8.0 | 11mo ago | Important: kernel security update | |||
| CVE-2025-21759 | high | — | 8.0 | 11mo ago | Important: kernel security update | |||
| CVE-2025-5986 | high | — | 8.0 | 11mo ago | Important: thunderbird security update | |||
| CVE-2025-48379 | high | — | 8.0 | 11mo ago | Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format… | |||
| CVE-2025-6424 | high | — | 8.0 | 11mo ago | Important: firefox security update | |||
| CVE-2025-4330 | high | — | 8.0 | 11mo ago | Important: python3.11 security update | |||
| CVE-2025-6430 | high | — | 8.0 | 11mo ago | Important: firefox security update | |||
| CVE-2025-4435 | high | — | 8.0 | 11mo ago | Important: python3.11 security update | |||
| CVE-2025-4138 | high | — | 8.0 | 11mo ago | Important: python3.11 security update | |||
| CVE-2025-6425 | high | — | 8.0 | 11mo ago | Important: firefox security update | |||
| CVE-2025-6429 | high | — | 8.0 | 11mo ago | Important: firefox security update | |||
| CVE-2025-4517 | high | — | 8.0 | 11mo ago | Important: python3.11 security update | |||
| CVE-2025-32462 | high | — | 8.0 | 11mo ago | Important: sudo security update | |||
| CVE-2025-40908 | high | — | 8.0 | 11mo ago | Important: perl-YAML-LibYAML security update | |||
| CVE-2025-3891 | high | — | 8.0 | 11mo ago | Important: mod_auth_openidc security update | |||
| CVE-2025-49176 | high | — | 8.0 | 11mo ago | Important: xorg-x11-server and xorg-x11-server-Xwayland security update | |||
| CVE-2025-49178 | high | — | 8.0 | 11mo ago | Important: xorg-x11-server and xorg-x11-server-Xwayland security update | |||
| CVE-2025-6019 | high | — | 8.0 | 11mo ago | Important: libblockdev security update | |||
| CVE-2025-49175 | high | — | 8.0 | 11mo ago | Important: xorg-x11-server and xorg-x11-server-Xwayland security update | |||
| CVE-2025-49179 | high | — | 8.0 | 11mo ago | Important: xorg-x11-server and xorg-x11-server-Xwayland security update | |||
| CVE-2025-49180 | high | — | 8.0 | 11mo ago | Important: xorg-x11-server and xorg-x11-server-Xwayland security update | |||
| CVE-2025-49177 | high | — | 8.0 | 11mo ago | A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests. | |||
| CVE-2025-6279 | high | 8.0 | 8.0 | 11mo ago | A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handle… | |||
| CVE-2025-4404 | high | — | 8.0 | 1y ago | Important: ipa security update | |||
| CVE-2025-48798 | high | — | 8.0 | 1y ago | Important: gimp security update | |||
| CVE-2025-5473 | high | — | 8.0 | 1y ago | Important: gimp security update | |||
| CVE-2025-48797 | high | — | 8.0 | 1y ago | Important: gimp security update | |||
| CVE-2025-21979 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel wiphy_work before freeing wiphy A wiphy_work can be queued from the moment the wiphy is allocated and init… | |||
| CVE-2025-21969 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive … | |||
| CVE-2025-21961 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix truesize for mb-xdp-pass case When mb-xdp is set and return is XDP_PASS, packet is converted from xdp_buff to sk_b… | |||
| CVE-2025-21963 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended … | |||
| CVE-2025-48734 | high | — | 8.0 | 1y ago | Important: javapackages-tools:201801 security update | |||
| CVE-2025-22126 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating all_mddevs list While iterating all_mddevs list from md_notify_reboot() and md_exit(), list_for… | |||
| CVE-2025-21999 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don'… | |||
| CVE-2025-37750 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 ("smb: client: allocate crypto only for primary se… | |||
| CVE-2025-30399 | high | — | 8.0 | 1y ago | Important: .NET 9.0 security update | |||
| CVE-2025-47947 | high | — | 8.0 | 1y ago | Important: mod_security security update | |||
| CVE-2025-22055 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: fix geneve_opt length integer overflow struct geneve_opt uses 5 bit length for each single option, which means every vary si… | |||
| CVE-2025-37785 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_… | |||
| CVE-2025-37943 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi In certain cases, hardware might provide packets with a len… | |||
| CVE-2025-21997 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem() Since the i and pool->chunk_size variables are of type 'u32', their p… | |||
| CVE-2025-40907 | high | — | 8.0 | 1y ago | Important: perl-FCGI security update | |||
| CVE-2025-21926 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: gso: fix ownership in __udp_gso_segment In __udp_gso_segment the skb destructor is removed before segmenting the skb but the… | |||
| CVE-2025-21920 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: vlan: enforce underlying device type Currently, VLAN devices can be created on top of non-ethernet devices. Besides the fact tha… | |||
| CVE-2025-23165 | high | — | 8.0 | 1y ago | Important: nodejs:22 security update | |||
| CVE-2025-23167 | high | — | 8.0 | 1y ago | A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers t… | |||
| CVE-2025-23166 | high | — | 8.0 | 1y ago | Important: nodejs:22 security update | |||
| CVE-2025-47905 | high | — | 8.0 | 1y ago | Important: varnish:6 security update | |||
| CVE-2025-5267 | high | — | 8.0 | 1y ago | Important: thunderbird security update | |||
| CVE-2025-5268 | high | — | 8.0 | 1y ago | Important: thunderbird security update | |||
| CVE-2025-5269 | high | — | 8.0 | 1y ago | Important: thunderbird security update | |||
| CVE-2025-32910 | high | — | 8.0 | 1y ago | Important: mingw-freetype security update | |||
| CVE-2025-5263 | high | — | 8.0 | 1y ago | Important: thunderbird security update | |||
| CVE-2025-5283 | high | — | 8.0 | 1y ago | Important: thunderbird security update | |||
| CVE-2025-32909 | high | — | 8.0 | 1y ago | Important: mingw-freetype security update | |||
| CVE-2025-5264 | high | — | 8.0 | 1y ago | Important: thunderbird security update | |||
| CVE-2025-5266 | high | — | 8.0 | 1y ago | Important: thunderbird security update | |||
| CVE-2025-3909 | high | — | 8.0 | 1y ago | Important: thunderbird security update | |||
| CVE-2025-3887 | high | — | 8.0 | 1y ago | Important: gstreamer1-plugins-bad-free security update | |||
| CVE-2025-3932 | high | — | 8.0 | 1y ago | Important: thunderbird security update | |||
| CVE-2025-3877 | high | — | 8.0 | 1y ago | Important: thunderbird security update | |||
| CVE-2025-3875 | high | — | 8.0 | 1y ago | Important: thunderbird security update | |||
| CVE-2025-4948 | high | — | 8.0 | 1y ago | Important: libsoup security update | |||
| CVE-2025-2784 | high | — | 8.0 | 1y ago | Important: libsoup security update | |||
| CVE-2025-32049 | high | — | 8.0 | 1y ago | Important: libsoup security update | |||
| CVE-2025-32914 | high | — | 8.0 | 1y ago | Important: libsoup security update | |||
| CVE-2025-4918 | high | — | 8.0 | 1y ago | Important: thunderbird security update | |||
| CVE-2025-4919 | high | — | 8.0 | 1y ago | Important: thunderbird security update | |||
| CVE-2025-37749 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking for skb data on ppp_sync_txmung Ensure we have enough data in linear buffer from skb before accessin… | |||
| CVE-2025-21966 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature Fix memory corruption due to incorrect parameter being pass… | |||
| CVE-2025-31205 | high | — | 8.0 | 1y ago | Important: webkit2gtk3 security update |