CVEs from 2025
Total
9,121
critical
critical 1,302
high
high 1,901
medium
medium 1,923
low
low 193
% Critical
14.3%
% with KEV
2.0%
% with exploit
2.7%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32052 | high | — | 8.0 | 1y ago | RHSA-2025:8292: mingw-freetype and spice-client-win security update (Important) | |||
| CVE-2025-32907 | high | — | 8.0 | 1y ago | RHSA-2025:8292: mingw-freetype and spice-client-win security update (Important) | |||
| CVE-2025-32913 | high | — | 8.0 | 1y ago | RHSA-2025:8292: mingw-freetype and spice-client-win security update (Important) | |||
| CVE-2025-21605 | high | — | 8.0 | 1y ago | RHSA-2025:7686: redis:6 security update (Important) | |||
| CVE-2025-32050 | high | — | 8.0 | 1y ago | RHSA-2025:8292: mingw-freetype and spice-client-win security update (Important) | |||
| CVE-2025-46727 | high | — | 8.0 | 1y ago | RHSA-2025:8254: pcs security update (Important) | |||
| CVE-2025-4093 | high | — | 8.0 | 1y ago | RHSA-2025:4797: thunderbird security update (Important) | |||
| CVE-2025-4087 | high | — | 8.0 | 1y ago | RHSA-2025:4797: thunderbird security update (Important) | |||
| CVE-2025-4083 | high | — | 8.0 | 1y ago | RHSA-2025:4797: thunderbird security update (Important) | |||
| CVE-2025-4091 | high | — | 8.0 | 1y ago | RHSA-2025:4797: thunderbird security update (Important) | |||
| CVE-2025-2817 | high | — | 8.0 | 1y ago | RHSA-2025:4797: thunderbird security update (Important) | |||
| CVE-2025-21927 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme_tcp_recv_pdu() doesn't check the validity of the header len… | |||
| CVE-2025-2830 | high | — | 8.0 | 1y ago | RHSA-2025:4649: thunderbird security update (Important) | |||
| CVE-2025-3523 | high | — | 8.0 | 1y ago | RHSA-2025:4649: thunderbird security update (Important) | |||
| CVE-2025-3522 | high | — | 8.0 | 1y ago | RHSA-2025:4649: thunderbird security update (Important) | |||
| CVE-2025-21587 | high | — | 8.0 | 1y ago | RHSA-2025:8431: java-1.8.0-ibm security update (Important) | |||
| CVE-2025-30698 | high | — | 8.0 | 1y ago | RHSA-2025:8431: java-1.8.0-ibm security update (Important) | |||
| CVE-2025-22866 | high | — | 8.0 | 1y ago | Important: delve and golang security update | |||
| CVE-2025-30427 | high | — | 8.0 | 1y ago | RHSA-2025:3974: webkit2gtk3 security update (Important) | |||
| CVE-2025-24216 | high | — | 8.0 | 1y ago | RHSA-2025:3974: webkit2gtk3 security update (Important) | |||
| CVE-2025-24189 | high | — | 8.0 | 1y ago | RHSA-2025:3974: webkit2gtk3 security update (Important) | |||
| CVE-2025-24209 | high | — | 8.0 | 1y ago | RHSA-2025:3974: webkit2gtk3 security update (Important) | |||
| CVE-2025-24208 | high | — | 8.0 | 1y ago | RHSA-2025:3974: webkit2gtk3 security update (Important) | |||
| CVE-2025-24813 | medium | — | 8.0 | 1y ago | RHSA-2025:3683: tomcat security update (Moderate) | |||
| CVE-2025-3030 | high | — | 8.0 | 1y ago | RHSA-2025:4170: thunderbird security update (Important) | |||
| CVE-2025-3029 | high | — | 8.0 | 1y ago | RHSA-2025:4170: thunderbird security update (Important) | |||
| CVE-2025-3028 | high | — | 8.0 | 1y ago | RHSA-2025:4170: thunderbird security update (Important) | |||
| CVE-2025-1080 | high | — | 8.0 | 1y ago | RHSA-2025:2868: libreoffice security update (Important) | |||
| CVE-2025-22869 | high | — | 8.0 | 1y ago | RHSA-2025:3210: container-tools:rhel8 security update (Important) | |||
| CVE-2025-22868 | high | — | 8.0 | 1y ago | An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. | |||
| CVE-2025-29786 | high | — | 8.0 | 1y ago | Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire strin… | |||
| CVE-2025-30204 | high | — | 8.0 | 1y ago | RHSA-2025:7967: osbuild-composer security update (Important) | |||
| CVE-2025-21785 | high | — | 8.0 | 1y ago | RHSA-2025:3264: kernel-rt security update (Important) | |||
| CVE-2025-24855 | high | — | 8.0 | 1y ago | RHSA-2025:3615: libxslt security update (Important) | |||
| CVE-2025-27516 | high | — | 8.0 | 1y ago | RHSA-2025:3388: python-jinja2 security update (Important) | |||
| CVE-2025-0624 | high | — | 8.0 | 1y ago | RHSA-2025:3367: grub2 security update (Important) | |||
| CVE-2025-24928 | high | — | 8.0 | 1y ago | RHSA-2025:2686: libxml2 security update (Important) | |||
| CVE-2025-24070 | high | — | 8.0 | 1y ago | RHSA-2025:2670: .NET 8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2025-26596 | high | — | 8.0 | 1y ago | RHSA-2025:2502: tigervnc security update (Important) | |||
| CVE-2025-26595 | high | — | 8.0 | 1y ago | RHSA-2025:2502: tigervnc security update (Important) | |||
| CVE-2025-26594 | high | — | 8.0 | 1y ago | RHSA-2025:2502: tigervnc security update (Important) | |||
| CVE-2025-26598 | high | — | 8.0 | 1y ago | RHSA-2025:2502: tigervnc security update (Important) | |||
| CVE-2025-26597 | high | — | 8.0 | 1y ago | RHSA-2025:2502: tigervnc security update (Important) | |||
| CVE-2025-26599 | high | — | 8.0 | 1y ago | RHSA-2025:2502: tigervnc security update (Important) | |||
| CVE-2025-26601 | high | — | 8.0 | 1y ago | RHSA-2025:2502: tigervnc security update (Important) | |||
| CVE-2025-26600 | high | — | 8.0 | 1y ago | RHSA-2025:2502: tigervnc security update (Important) | |||
| CVE-2025-1934 | high | — | 8.0 | 1y ago | RHSA-2025:2452: firefox security update (Important) | |||
| CVE-2025-1938 | high | — | 8.0 | 1y ago | RHSA-2025:2900: thunderbird security update (Important) | |||
| CVE-2025-1937 | high | — | 8.0 | 1y ago | RHSA-2025:2900: thunderbird security update (Important) | |||
| CVE-2025-1935 | high | — | 8.0 | 1y ago | RHSA-2025:2452: firefox security update (Important) | |||
| CVE-2025-1930 | high | — | 8.0 | 1y ago | RHSA-2025:2452: firefox security update (Important) | |||
| CVE-2025-1932 | high | — | 8.0 | 1y ago | RHSA-2025:2452: firefox security update (Important) | |||
| CVE-2025-1931 | high | — | 8.0 | 1y ago | RHSA-2025:2452: firefox security update (Important) | |||
| CVE-2025-1933 | high | — | 8.0 | 1y ago | RHSA-2025:2452: firefox security update (Important) | |||
| CVE-2025-1936 | high | — | 8.0 | 1y ago | RHSA-2025:2452: firefox security update (Important) | |||
| CVE-2025-24150 | high | — | 8.0 | 1y ago | RHSA-2025:2034: webkit2gtk3 security update (Important) | |||
| CVE-2025-24162 | high | — | 8.0 | 1y ago | RHSA-2025:2034: webkit2gtk3 security update (Important) | |||
| CVE-2025-24143 | high | — | 8.0 | 1y ago | RHSA-2025:2034: webkit2gtk3 security update (Important) | |||
| CVE-2025-1244 | high | — | 8.0 | 1y ago | RHSA-2025:1917: emacs security update (Important) | |||
| CVE-2025-21540 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21501 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21504 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21494 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21505 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21497 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21522 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21546 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21534 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21500 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21503 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21518 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21520 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21525 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21529 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21555 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21543 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21559 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21531 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21523 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21521 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21491 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21536 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-21519 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2025-23085 | high | — | 8.0 | 1y ago | RHSA-2025:1611: nodejs:22 security update (Important) | |||
| CVE-2025-23083 | high | — | 8.0 | 1y ago | RHSA-2025:1611: nodejs:22 security update (Important) | |||
| CVE-2025-22150 | high | — | 8.0 | 1y ago | RHSA-2025:1611: nodejs:22 security update (Important) | |||
| CVE-2025-0510 | high | — | 8.0 | 1y ago | RHSA-2025:1292: thunderbird security update (Important) | |||
| CVE-2025-1015 | high | — | 8.0 | 1y ago | RHSA-2025:1292: thunderbird security update (Important) | |||
| CVE-2025-1010 | high | — | 8.0 | 1y ago | RHSA-2025:1292: thunderbird security update (Important) | |||
| CVE-2025-1013 | high | — | 8.0 | 1y ago | RHSA-2025:1292: thunderbird security update (Important) | |||
| CVE-2025-1012 | high | — | 8.0 | 1y ago | RHSA-2025:1292: thunderbird security update (Important) | |||
| CVE-2025-1014 | high | — | 8.0 | 1y ago | RHSA-2025:1292: thunderbird security update (Important) | |||
| CVE-2025-1009 | high | — | 8.0 | 1y ago | RHSA-2025:1292: thunderbird security update (Important) | |||
| CVE-2025-1016 | high | — | 8.0 | 1y ago | RHSA-2025:1292: thunderbird security update (Important) | |||
| CVE-2025-1011 | high | — | 8.0 | 1y ago | RHSA-2025:1292: thunderbird security update (Important) | |||
| CVE-2025-1017 | high | — | 8.0 | 1y ago | RHSA-2025:1292: thunderbird security update (Important) | |||
| CVE-2025-21173 | high | — | 8.0 | 1y ago | RHSA-2025:0382: .NET 9.0 security update (Important) | |||
| CVE-2025-21171 | high | — | 8.0 | 1y ago | RHSA-2025:0382: .NET 9.0 security update (Important) | |||
| CVE-2025-21172 | high | — | 8.0 | 1y ago | RHSA-2025:0382: .NET 9.0 security update (Important) | |||
| CVE-2025-21176 | high | — | 8.0 | 1y ago | RHSA-2025:0382: .NET 9.0 security update (Important) |