CVEs from 2025
- Total 9,121
- critical 1,302
- high 1,901
- medium 1,923
- low 193
- % Critical 14.3%
- % with KEV 2.0%
- % with exploit 2.7%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0239 | high | — | 8.0 | 1y ago | RHSA-2025:0281: thunderbird security update (Important) | |||
| CVE-2025-0241 | high | — | 8.0 | 1y ago | RHSA-2025:0281: thunderbird security update (Important) | |||
| CVE-2025-0243 | high | — | 8.0 | 1y ago | RHSA-2025:0281: thunderbird security update (Important) | |||
| CVE-2025-0242 | high | — | 8.0 | 1y ago | RHSA-2025:0281: thunderbird security update (Important) | |||
| CVE-2025-0240 | high | — | 8.0 | 1y ago | RHSA-2025:0281: thunderbird security update (Important) | |||
| CVE-2025-0238 | high | — | 8.0 | 1y ago | RHSA-2025:0281: thunderbird security update (Important) | |||
| CVE-2025-0237 | high | — | 8.0 | 1y ago | RHSA-2025:0281: thunderbird security update (Important) | |||
| CVE-2025-21614 | high | — | 8.0 | 1y ago | RHSA-2025:0401: grafana security update (Important) | |||
| CVE-2025-21613 | high | — | 8.0 | 1y ago | RHSA-2025:0401: grafana security update (Important) | |||
| CVE-2025-43480 | high | — | 8.0 | 2y ago | RHSA-2024:9636: webkit2gtk3 security update (Important) | |||
| CVE-2025-54574 | high | — | 8.0 | 3y ago | RHSA-2023:7668: squid:4 security update (Important) | |||
| CVE-2025-24158 | high | — | 8.0 | 3y ago | RHSA-2025:2034: webkit2gtk3 security update (Important) | |||
| CVE-2025-31204 | high | — | 8.0 | 3y ago | RHSA-2023:4202: webkit2gtk3 security update (Important) | |||
| CVE-2025-24223 | high | — | 8.0 | 3y ago | RHSA-2023:4202: webkit2gtk3 security update (Important) | |||
| CVE-2025-31206 | high | — | 8.0 | 3y ago | RHSA-2023:4202: webkit2gtk3 security update (Important) | |||
| CVE-2025-31215 | high | — | 8.0 | 3y ago | RHSA-2023:4202: webkit2gtk3 security update (Important) | |||
| CVE-2025-24264 | high | — | 8.0 | 3y ago | RHSA-2023:4202: webkit2gtk3 security update (Important) | |||
| CVE-2025-21867 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() KMSAN reported a use-after-free issue in eth_skb_pkt_type()[1]. The… | |||
| CVE-2025-40890 | high | 7.9 | 7.9 | 6mo ago | A Stored Cross-Site Scripting vulnerability was discovered in the Dashboards functionality due to improper validation of an input parameter. An authenticated low-privilege user can craft a malicio… | |||
| CVE-2025-41670 | high | 7.8 | 7.8 | 3d ago | A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the … | |||
| CVE-2025-69600 | high | 7.8 | 7.8 | 4d ago | Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows adversaries to execute commands via getconfig, and upload through the URL argument, and oracle through the -o flag The Supplier's perspe… | |||
| CVE-2025-43306 | high | 7.8 | 7.8 | 4d ago | A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges. | |||
| CVE-2025-32747 | high | 7.8 | 7.8 | 8d ago | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leadi… | |||
| CVE-2025-71217 | high | 7.8 | 7.8 | 9d ago | An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please not… | |||
| CVE-2025-71216 | high | 7.8 | 7.8 | 9d ago | A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an att… | |||
| CVE-2025-71214 | high | 7.8 | 7.8 | 9d ago | An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attack… | |||
| CVE-2025-71213 | high | 7.8 | 7.8 | 9d ago | An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the abili… | |||
| CVE-2025-71212 | high | 7.8 | 7.8 | 9d ago | A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the… | |||
| CVE-2025-39766 | high | 7.8 | 7.8 | 11d ago | Important: kernel security update | |||
| CVE-2025-39866 | high | 7.8 | 7.8 | 12d ago | In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty() An use-after-free issue occurred when __mark_inode_dirty() get the bdi_… | |||
| CVE-2025-65088 | high | 7.8 | 7.8 | 18d ago | An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information o… | |||
| CVE-2025-65087 | high | 7.8 | 7.8 | 18d ago | An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information o… | |||
| CVE-2025-65086 | high | 7.8 | 7.8 | 18d ago | An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary cod… | |||
| CVE-2025-47408 | high | 7.8 | 7.8 | 26d ago | Memory corruption when another driver calls an IOCTL with invalid input/output buffer. | |||
| CVE-2025-47405 | high | 7.8 | 7.8 | 26d ago | Memory corruption when processing camera sensor input/output control codes with invalid output buffers. | |||
| CVE-2025-47404 | high | 7.8 | 7.8 | 26d ago | Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified. | |||
| CVE-2025-52347 | high | 7.8 | 7.8 | 29d ago | An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escal… | |||
| CVE-2025-14576 | high | 7.8 | 7.8 | 1mo ago | Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution… | |||
| CVE-2025-61662 | high | 7.8 | 7.8 | 3mo ago | RHSA-2026:4648: grub2 security update (Moderate) | |||
| CVE-2025-12690 | high | 7.8 | 7.8 | 3mo ago | Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation.This issue affects NGFW Engine through 6.10.19, through 7.3.0, through 7.2.4, through 7.1.10. | |||
| CVE-2025-15570 | high | 7.8 | 7.8 | 4mo ago | A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is … | |||
| CVE-2025-15538 | high | 7.8 | 7.8 | 4mo ago | A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/… | |||
| CVE-2025-15534 | high | 7.8 | 7.8 | 4mo ago | A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can… | |||
| CVE-2025-15533 | high | 7.8 | 7.8 | 4mo ago | A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-bas… | |||
| CVE-2025-15413 | high | 7.8 | 7.8 | 5mo ago | A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing a manipulation results in memory corruption. The attack ne… | |||
| CVE-2025-15412 | high | 7.8 | 7.8 | 5mo ago | A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component … | |||
| CVE-2025-15411 | high | 7.8 | 7.8 | 5mo ago | A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-dec… | |||
| CVE-2025-15371 | high | 7.8 | 7.8 | 5mo ago | A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation … | |||
| CVE-2025-15155 | high | 7.8 | 7.8 | 5mo ago | A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulati… | |||
| CVE-2025-14958 | high | 7.8 | 7.8 | 5mo ago | A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Perfor… | |||
| CVE-2025-11083 | high | 7.8 | 7.8 | 5mo ago | RHSA-2026:2627: gcc-toolset-14-binutils security update (Moderate) | |||
| CVE-2025-36745 | high | 7.8 | 7.8 | 6mo ago | SolarEdge SE3680H ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code… | |||
| CVE-2025-7073 | high | 7.8 | 7.8 | 6mo ago | A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe d… | |||
| CVE-2025-64785 | high | 7.8 | 7.8 | 6mo ago | Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute a… | |||
| CVE-2025-62557 | high | 7.8 | 7.8 | 6mo ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-62554 | high | 7.8 | 7.8 | 6mo ago | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-13876 | high | 7.8 | 7.8 | 6mo ago | A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulat… | |||
| CVE-2025-38724 | high | 7.8 | 7.8 | 6mo ago | RHSA-2025:22388: kernel security update (Moderate) | |||
| CVE-2025-39864 | high | 7.8 | 7.8 | 6mo ago | RHSA-2025:19447: kernel security update (Moderate) | |||
| CVE-2025-62199 | high | 7.8 | 7.8 | 7mo ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-21796 | high | 7.8 | 7.8 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: clear acl_access/acl_default after releasing them If getting acl_default fails, acl_access and acl_default will be released… | |||
| CVE-2025-12875 | high | 7.8 | 7.8 | 7mo ago | A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/le… | |||
| CVE-2025-11277 | high | 7.8 | 7.8 | 7mo ago | Moderate: qt5-qt3d security update | |||
| CVE-2025-12745 | high | 7.8 | 7.8 | 7mo ago | A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-r… | |||
| CVE-2025-12341 | high | 7.8 | 7.8 | 7mo ago | A vulnerability was detected in ermig1979 AntiDupl up to 2.3.12. Impacted is an unknown function of the file AntiDupl.NET.WinForms.exe of the component Delete Duplicate Image Handler. The manipulatio… | |||
| CVE-2025-8176 | high | 7.8 | 7.8 | 7mo ago | RHSA-2025:20034: libtiff security update (Important) | |||
| CVE-2025-12205 | high | 7.8 | 7.8 | 7mo ago | A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results … | |||
| CVE-2025-12204 | high | 7.8 | 7.8 | 7mo ago | A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rve_destroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to h… | |||
| CVE-2025-39841 | high | 7.8 | 7.8 | 7mo ago | RHSA-2025:19103: kernel-rt security update (Moderate) | |||
| CVE-2025-39849 | high | 7.8 | 7.8 | 7mo ago | RHSA-2025:19103: kernel-rt security update (Moderate) | |||
| CVE-2025-5555 | high | 7.8 | 7.8 | 7mo ago | A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the component IOCTL Handler. Such manipulation leads to… | |||
| CVE-2025-59234 | high | 7.8 | 7.8 | 8mo ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-59227 | high | 7.8 | 7.8 | 8mo ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-33044 | high | 7.8 | 7.8 | 8mo ago | APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local means. Successful exploitation of this vulnerab… | |||
| CVE-2025-22832 | high | 7.8 | 7.8 | 8mo ago | APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability. | |||
| CVE-2025-22831 | high | 7.8 | 7.8 | 8mo ago | APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability. | |||
| CVE-2025-11275 | high | 7.8 | 7.8 | 8mo ago | A vulnerability was identified in Open Asset Import Library Assimp 6.0.2. Affected by this vulnerability is the function ODDLParser::getNextSeparator in the library assimp/contrib/openddlparser/inclu… | |||
| CVE-2025-11082 | high | 7.8 | 7.8 | 8mo ago | A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buff… | |||
| CVE-2025-11014 | high | 7.8 | 7.8 | 8mo ago | A security flaw has been discovered in OGRECave Ogre up to 14.4.1. This issue affects the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp of the component Im… | |||
| CVE-2025-11012 | high | 7.8 | 7.8 | 8mo ago | A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/script_parser.cpp of the component Diagnostic Message Handler. Executing manipulatio… | |||
| CVE-2025-10997 | high | 7.8 | 7.8 | 8mo ago | A flaw has been found in Open Babel up to 3.1.1. Impacted is the function ChemKinFormat::CheckSpecies of the file /src/formats/chemkinformat.cpp. Executing manipulation can lead to heap-based buffer … | |||
| CVE-2025-10996 | high | 7.8 | 7.8 | 8mo ago | A vulnerability was detected in Open Babel up to 3.1.1. This issue affects the function OBSmilesParser::ParseSmiles of the file /src/formats/smilesformat.cpp. Performing manipulation results in heap-… | |||
| CVE-2025-10995 | high | 7.8 | 7.8 | 8mo ago | A security vulnerability has been detected in Open Babel up to 3.1.1. This vulnerability affects the function zlib_stream::basic_unzip_streambuf::underflow in the library /src/zipstreamimpl.h. Such m… | |||
| CVE-2025-10994 | high | 7.8 | 7.8 | 8mo ago | A weakness has been identified in Open Babel up to 3.1.1. This affects the function GAMESSOutputFormat::ReadMolecule of the file gamessformat.cpp. This manipulation causes use after free. It is possi… | |||
| CVE-2025-39860 | high | 7.8 | 7.8 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() syzbot reported the splat below without a repro. In the splat, a si… | |||
| CVE-2025-10672 | high | 7.8 | 7.8 | 8mo ago | A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBattery… | |||
| CVE-2025-39835 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: do not propagate ENODATA disk errors into xattr code ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code… | |||
| CVE-2025-39828 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). syzbot reported the splat below. [0] When atmtcp_v_open() or atmt… | |||
| CVE-2025-39824 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: asus: fix UAF via HID_CLAIMED_INPUT validation After hid_hw_start() is called hidinput_connect() will eventually be called t… | |||
| CVE-2025-39823 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use array_index_nospec with indices that come from guest min and dest_id are guest-controlled indices. Using array_inde… | |||
| CVE-2025-39790 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Detect events pointing to unexpected TREs When a remote device sends a completion event to the host, it contains … | |||
| CVE-2025-39788 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE On Google gs101, the number of UTP transfer request slots (nutrs) is 32… | |||
| CVE-2025-39783 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix configfs group list head handling Doing a list_del() on the epf_group field of struct pci_epf_driver in pci_ep… | |||
| CVE-2025-39776 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/debug_vm_pgtable: clear page table entries at destroy_args() The mm/debug_vm_pagetable test allocates manually page table entr… | |||
| CVE-2025-39743 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: jfs: truncate good inode pages when hard link is 0 The fileset value of the inode copy from the disk by the reproducer is AGGR_RE… | |||
| CVE-2025-39738 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not allow relocation of partially dropped subvolumes [BUG] There is an internal report that balance triggered transacti… | |||
| CVE-2025-39701 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: pfr_update: Fix the driver update version check The security-version-number check should be used rather than the runtime ve… | |||
| CVE-2025-39691 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: fs/buffer: fix use-after-free when call bh_read() helper There's issue as follows: BUG: KASAN: stack-out-of-bounds in end_buffer_… | |||
| CVE-2025-39689 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: ftrace: Also allocate and copy hash for reading of filter files Currently the reader of set_ftrace_filter and set_ftrace_notrace … | |||
| CVE-2025-39686 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: comedi: Make insn_rw_emulate_bits() do insn->n samples The `insn_rw_emulate_bits()` function is used as a default handler for `IN… |