CVEs from 2025
- Total 8,880
- critical 1,302
- high 1,901
- medium 1,923
- low 193
- % Critical 14.7%
- % with KEV 2.0%
- % with exploit 2.8%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-71291 | medium | 5.5 | 5.5 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() In the function bcm_vk_read(), the pointer entry is checked… | |||
| CVE-2025-71290 | medium | 5.5 | 5.5 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: misc: ti_fpc202: fix a potential memory leak in probe function Use for_each_child_of_node_scoped() to simplify the code and ensur… | |||
| CVE-2025-71289 | medium | 5.5 | 5.5 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attr_set_size() errors when truncating files If attr_set_size() fails while truncating down, the error is silent… | |||
| CVE-2025-71288 | medium | 5.5 | 5.5 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leaks on common probe Make sure to drop the reference taken when looking up the SMI device during com… | |||
| CVE-2025-71287 | medium | 5.5 | 5.5 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leak on larb probe Make sure to drop the reference taken when looking up the SMI device during larb p… | |||
| CVE-2025-71286 | medium | 5.5 | 5.5 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol->ipc_control_dat… | |||
| CVE-2025-71285 | medium | 5.5 | 5.5 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels MHI stack offers the 'auto_queue' feature, which allows the MHI s… | |||
| CVE-2025-71273 | medium | 5.5 | 5.5 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() Simplify the code by using device managed memory allocations. This a… | |||
| CVE-2025-71272 | medium | 5.5 | 5.5 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in most_register_interface error paths The function most_register_interface() did not correctly rel… | |||
| CVE-2025-71271 | medium | 5.5 | 5.5 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: hfsplus: ensure sb->s_fs_info is always cleaned up When hfsplus was converted to the new mount api a bug was introduced by changi… | |||
| CVE-2025-47406 | medium | 5.5 | 5.5 | 27d ago | Information Disclosure while processing IOCTL handler callbacks without verifying buffer size. | |||
| CVE-2025-36335 | medium | 5.5 | 5.5 | 1mo ago | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user. | |||
| CVE-2025-62233 | medium | — | 5.5 | 1mo ago | Apache DolphinScheduler RPC module has a Deserialization of Untrusted Data vulnerability | |||
| CVE-2025-65116 | medium | 5.5 | 5.5 | 2mo ago | Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Man… | |||
| CVE-2025-48651 | medium | 5.5 | 5.5 | 2mo ago | In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no … | |||
| CVE-2025-38109 | medium | — | 5.5 | 2mo ago | Moderate: kernel security update | |||
| CVE-2025-71238 | medium | — | 5.5 | 2mo ago | RHSA-2026:6572: kernel-rt security update (Moderate) | |||
| CVE-2025-10158 | medium | — | 5.5 | 2mo ago | RHSA-2026:6436: rsync security update (Moderate) | |||
| CVE-2025-38180 | medium | — | 5.5 | 2mo ago | RHSA-2026:6037: kernel security update (Moderate) | |||
| CVE-2025-71270 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable exception fixup for specific ADE subcode This patch allows the LoongArch BPF JIT to handle recoverable memory a… | |||
| CVE-2025-71269 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reservation in fallback from inline due to -ENOSPC If we fail to create an inline extent due to -ENOSPC, … | |||
| CVE-2025-71268 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a path or join a transaction,… | |||
| CVE-2025-71267 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST We found an infinite loop bug in the ntfs3 file system that can le… | |||
| CVE-2025-71266 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check return value of indx_find to avoid infinite loop We found an infinite loop bug in the ntfs3 file system that can… | |||
| CVE-2025-71265 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata We found an infinite loop bug in the ntfs3 file sys… | |||
| CVE-2025-71239 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2() to change attributes class fchmodat2(), introduced in version 6.6 is currently not in the change attribute… | |||
| CVE-2025-39818 | medium | — | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer (&dev->i2c_sub… | |||
| CVE-2025-15366 | medium | — | 5.5 | 3mo ago | RHSA-2026:4473: python3.11 security update (Moderate) | |||
| CVE-2025-15367 | medium | — | 5.5 | 3mo ago | RHSA-2026:4473: python3.11 security update (Moderate) | |||
| CVE-2025-38106 | medium | — | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrus… | |||
| CVE-2025-12801 | medium | — | 5.5 | 3mo ago | RHSA-2026:3938: nfs-utils security update (Moderate) | |||
| CVE-2025-40168 | medium | — | 5.5 | 3mo ago | RHSA-2026:2821: kernel-rt security update (Moderate) | |||
| CVE-2025-71085 | medium | — | 5.5 | 3mo ago | RHSA-2026:3964: kernel-rt security update (Moderate) | |||
| CVE-2025-14905 | medium | — | 5.5 | 3mo ago | RHSA-2026:5513: 389-ds:1.4 security update (Moderate) | |||
| CVE-2025-38206 | medium | — | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() e… | |||
| CVE-2025-15281 | medium | — | 5.5 | 3mo ago | RHSA-2026:4772: glibc security update (Moderate) | |||
| CVE-2025-40304 | medium | — | 5.5 | 4mo ago | RHSA-2026:2821: kernel-rt security update (Moderate) | |||
| CVE-2025-68349 | medium | — | 5.5 | 4mo ago | RHSA-2026:2378: kernel-rt security update (Moderate) | |||
| CVE-2025-68811 | medium | — | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rc_pageoff for memcpy byte offset svc_rdma_copy_inline_range added rc_curpage (page index) to the page base instead … | |||
| CVE-2025-40322 | medium | — | 5.5 | 4mo ago | RHSA-2026:1662: kernel security update (Moderate) | |||
| CVE-2025-41117 | medium | — | 5.5 | 4mo ago | Grafana has a Cross-site Scripting issue | |||
| CVE-2025-43403 | medium | 5.5 | 5.5 | 4mo ago | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An app may be able to access sensitive user data. | |||
| CVE-2025-15572 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has b… | |||
| CVE-2025-15571 | medium | 5.5 | 5.5 | 4mo ago | A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference… | |||
| CVE-2025-40141 | medium | — | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix possible UAF on iso_conn_free This attempt to fix similar issue to sco_conn_free where if the conn->sk is not… | |||
| CVE-2025-40318 | medium | — | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once hci_cmd_sync_dequeue_once() does lookup and then cancel the entry unde… | |||
| CVE-2025-38730 | medium | — | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution contex… | |||
| CVE-2025-38459 | medium | — | 5.5 | 4mo ago | RHSA-2026:1662: kernel security update (Moderate) | |||
| CVE-2025-40269 | medium | — | 5.5 | 4mo ago | RHSA-2026:2378: kernel-rt security update (Moderate) | |||
| CVE-2025-40170 | medium | — | 5.5 | 4mo ago | RHSA-2026:2378: kernel-rt security update (Moderate) | |||
| CVE-2025-40135 | medium | — | 5.5 | 4mo ago | RHSA-2026:2378: kernel-rt security update (Moderate) | |||
| CVE-2025-40158 | medium | — | 5.5 | 4mo ago | RHSA-2026:2378: kernel-rt security update (Moderate) | |||
| CVE-2025-38403 | medium | — | 5.5 | 4mo ago | RHSA-2026:2378: kernel-rt security update (Moderate) | |||
| CVE-2025-37819 | medium | — | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci… | |||
| CVE-2025-37789 | medium | — | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is sm… | |||
| CVE-2025-38024 | medium | — | 5.5 | 4mo ago | RHSA-2026:1662: kernel security update (Moderate) | |||
| CVE-2025-38022 | medium | — | 5.5 | 4mo ago | RHSA-2026:1662: kernel security update (Moderate) | |||
| CVE-2025-38415 | medium | — | 5.5 | 4mo ago | RHSA-2026:1662: kernel security update (Moderate) | |||
| CVE-2025-15564 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod<...>::operator of the file src/value.cpp. The manipulation leads to divide by zero. T… | |||
| CVE-2025-14104 | medium | — | 5.5 | 4mo ago | RHSA-2026:1852: util-linux security update (Moderate) | |||
| CVE-2025-40251 | medium | — | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy The function devl_rate_nodes_destroy is documented to "Unset paren… | |||
| CVE-2025-38568 | medium | — | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(… | |||
| CVE-2025-54349 | medium | — | 5.5 | 4mo ago | RHSA-2026:1592: iperf3 security update (Moderate) | |||
| CVE-2025-14177 | medium | — | 5.5 | 4mo ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-9086 | medium | — | 5.5 | 4mo ago | RHSA-2025:23383: curl security update (Moderate) | |||
| CVE-2025-12084 | medium | — | 5.5 | 4mo ago | RHSA-2026:1631: python3 security update (Moderate) | |||
| CVE-2025-14178 | medium | — | 5.5 | 4mo ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-40258 | medium | — | 5.5 | 4mo ago | RHSA-2026:1662: kernel security update (Moderate) | |||
| CVE-2025-67726 | medium | — | 5.5 | 4mo ago | RHSA-2026:0930: pcs security update (Moderate) | |||
| CVE-2025-67725 | medium | — | 5.5 | 4mo ago | RHSA-2026:0930: pcs security update (Moderate) | |||
| CVE-2025-68285 | medium | — | 5.5 | 4mo ago | RHSA-2026:2446: kpatch-patch-4_18_0-553_30_1, kpatch-patch-4_18_0-553_40_1, kpatch-patch-4_18_0-553_53_1, kpatch-patch-4_18_0-553_72_1, and kpatch-patch-4_18_0-553_85_1 security update (Moderate) | |||
| CVE-2025-15537 | medium | 5.5 | 5.5 | 4mo ago | A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to… | |||
| CVE-2025-15536 | medium | 5.5 | 5.5 | 4mo ago | A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes he… | |||
| CVE-2025-46397 | medium | — | 5.5 | 5mo ago | RHSA-2026:0756: transfig security update (Moderate) | |||
| CVE-2025-14242 | medium | — | 5.5 | 5mo ago | RHSA-2026:0608: vsftpd security update (Moderate) | |||
| CVE-2025-12817 | medium | — | 5.5 | 5mo ago | RHSA-2026:0524: postgresql:15 security update (Moderate) | |||
| CVE-2025-12818 | medium | — | 5.5 | 5mo ago | RHSA-2026:0695: libpq security update (Moderate) | |||
| CVE-2025-39840 | medium | — | 5.5 | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single… | |||
| CVE-2025-39883 | medium | — | 5.5 | 5mo ago | RHSA-2025:22388: kernel security update (Moderate) | |||
| CVE-2025-15504 | medium | 5.5 | 5.5 | 5mo ago | LIEF is vulnerable to segmentation fault | |||
| CVE-2025-58436 | medium | — | 5.5 | 5mo ago | RHSA-2026:0596: cups security update (Moderate) | |||
| CVE-2025-61915 | medium | — | 5.5 | 5mo ago | RHSA-2026:0596: cups security update (Moderate) | |||
| CVE-2025-32365 | medium | — | 5.5 | 5mo ago | RHSA-2026:0130: poppler security update (Moderate) | |||
| CVE-2025-45582 | medium | — | 5.5 | 5mo ago | Moderate: tar security update | |||
| CVE-2025-15419 | medium | 5.5 | 5.5 | 5mo ago | A weakness has been identified in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c of the component GTPv2-C Flow … | |||
| CVE-2025-15418 | medium | 5.5 | 5.5 | 5mo ago | A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE L… | |||
| CVE-2025-15417 | medium | 5.5 | 5.5 | 5mo ago | A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such… | |||
| CVE-2025-14957 | medium | 5.5 | 5.5 | 5mo ago | A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builde… | |||
| CVE-2025-8291 | medium | — | 5.5 | 6mo ago | RHSA-2026:0123: python3.12 security update (Moderate) | |||
| CVE-2025-6491 | medium | — | 5.5 | 6mo ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-5987 | medium | — | 5.5 | 6mo ago | Moderate: libssh security update | |||
| CVE-2025-1220 | medium | — | 5.5 | 6mo ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-1735 | medium | — | 5.5 | 6mo ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-61985 | medium | — | 5.5 | 6mo ago | RHSA-2025:23481: openssh security update (Moderate) | |||
| CVE-2025-61984 | medium | — | 5.5 | 6mo ago | RHSA-2025:23481: openssh security update (Moderate) | |||
| CVE-2025-38499 | medium | 5.5 | 5.5 | 6mo ago | In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone wo… | |||
| CVE-2025-53062 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53045 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53044 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53040 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) |