CVEs from 2025
Total: 8,880
- critical 1,302
- high 1,901
- medium 1,923
- low 193
% Critical: 14.7%
% with KEV: 2.0%
% with exploit: 2.8%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-5318 | medium | — | 5.5 | 8mo ago | RHSA-2025:18286: libssh security update (Moderate) | |||
| CVE-2025-53906 | medium | — | 5.5 | 8mo ago | RHSA-2025:17715: vim security update (Moderate) | |||
| CVE-2025-38556 | medium | — | 5.5 | 8mo ago | RHSA-2025:16372: kernel security update (Moderate) | |||
| CVE-2025-38614 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Cur… | |||
| CVE-2025-53905 | medium | — | 5.5 | 8mo ago | RHSA-2025:17715: vim security update (Moderate) | |||
| CVE-2025-11495 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap… | |||
| CVE-2025-11494 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds… | |||
| CVE-2025-48964 | medium | — | 5.5 | 8mo ago | Moderate: iputils security update | |||
| CVE-2025-11414 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out… | |||
| CVE-2025-11413 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read.… | |||
| CVE-2025-11412 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds rea… | |||
| CVE-2025-61594 | medium | — | 5.5 | 8mo ago | URI Credential Leakage Bypass over CVE-2025-27221 | |||
| CVE-2025-38351 | medium | — | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls … | |||
| CVE-2025-39761 | medium | — | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Decrement TID on RX peer frag setup error handling Currently, TID is not decremented before peer cleanup, during er… | |||
| CVE-2025-11279 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the argument Title res… | |||
| CVE-2025-11274 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation ca… | |||
| CVE-2025-39931 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg If an error causes af_alg_sendmsg to abort, ctx->merge may contain a g… | |||
| CVE-2025-39929 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path During tests of another unrelated patch I was able to trig… | |||
| CVE-2025-40928 | medium | — | 5.5 | 8mo ago | RHSA-2025:17163: perl-JSON-XS security update (Moderate) | |||
| CVE-2025-38527 | medium | — | 5.5 | 8mo ago | RHSA-2025:17398: kernel-rt security update (Moderate) | |||
| CVE-2025-38472 | medium | — | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry A crash in conntrack was reported while trying to unlink… | |||
| CVE-2025-38718 | medium | — | 5.5 | 8mo ago | RHSA-2025:16920: kernel-rt security update (Moderate) | |||
| CVE-2025-39698 | medium | — | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure io_futex_wait() cleans up properly on failure The io_futex_data is allocated upfront and assigned to the i… | |||
| CVE-2025-11081 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack… | |||
| CVE-2025-11017 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impacted element is the function Ogre::LogManager::stream of the file /ogre/OgreMain/src/OgreLogManager.cpp. Performing manipulation of… | |||
| CVE-2025-11013 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was identified in BehaviorTree up to 4.7.0. This vulnerability affects the function XMLParser::PImpl::loadDocImpl of the file /src/xml_parsing.cpp of the component XML Parser. The man… | |||
| CVE-2025-11011 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/json_export.cpp. Performing manipulation of the argument Source r… | |||
| CVE-2025-11000 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was determined in Open Babel up to 3.1.1. This affects the function PQSFormat::ReadMolecule of the file /src/formats/PQSformat.cpp. This manipulation causes null pointer dereference. … | |||
| CVE-2025-10999 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was found in Open Babel up to 3.1.1. The impacted element is the function CacaoFormat::SetHilderbrandt of the file /src/formats/cacaoformat.cpp. The manipulation results in null point… | |||
| CVE-2025-10998 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability has been found in Open Babel up to 3.1.1. The affected element is the function ChemKinFormat::ReadReactionQualifierLines of the file /src/formats/chemkinformat.cpp. The manipulation l… | |||
| CVE-2025-10911 | medium | 5.5 | 5.5 | 8mo ago | A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash. | |||
| CVE-2025-37810 | medium | — | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3_GEVNTCOU… | |||
| CVE-2025-38498 | medium | 5.5 | 5.5 | 8mo ago | RHSA-2025:16372: kernel security update (Moderate) | |||
| CVE-2025-39694 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix SCCB present check Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address asso… | |||
| CVE-2025-39865 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: tee: fix NULL pointer dereference in tee_shm_put tee_shm_put have NULL pointer dereference: __optee_disable_shm_cache --> shm =… | |||
| CVE-2025-39857 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() BUG: kernel NULL pointer dereference, address: 000000000000… | |||
| CVE-2025-39848 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv() Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("ne… | |||
| CVE-2025-39847 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: ppp: fix memory leak in pad_compress_skb If alloc_skb() fails in pad_compress_skb(), it returns NULL without releasing the old sk… | |||
| CVE-2025-39846 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() In __iodyn_find_io_region(), pcmcia_make_resource() is assigne… | |||
| CVE-2025-39845 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() Define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel… | |||
| CVE-2025-39844 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot fail… | |||
| CVE-2025-39842 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: ocfs2: prevent release journal inode after journal shutdown Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has alrea… | |||
| CVE-2025-39838 | medium | 5.5 | 5.5 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL pointer dereference in UTF16 conversion There can be a NULL pointer dereference bug here. NULL is passed to __… | |||
| CVE-2025-50099 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50096 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50091 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-53023 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30704 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-32990 | medium | — | 5.5 | 9mo ago | RHSA-2025:17415: gnutls security, bug fix, and enhancement update (Moderate) | |||
| CVE-2025-50101 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50088 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30715 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30699 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-21581 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50093 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30681 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50084 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30721 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50094 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30703 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30684 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50097 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50102 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30705 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50092 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50104 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50086 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50100 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50087 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30689 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50098 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30685 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-5399 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-30722 | medium | — | 5.5 | 9mo ago | RHSA-2026:6435: mariadb:10.11 security update (Moderate) | |||
| CVE-2025-30683 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50085 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-21577 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-21575 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30687 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-21574 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50077 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50078 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30693 | medium | — | 5.5 | 9mo ago | RHSA-2026:6435: mariadb:10.11 security update (Moderate) | |||
| CVE-2025-58767 | medium | — | 5.5 | 9mo ago | RHSA-2025:23062: ruby:3.3 security update (Moderate) | |||
| CVE-2025-50082 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50080 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50079 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30696 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30695 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30688 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-50083 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-21588 | medium | — | 5.5 | 9mo ago | Moderate: mysql:8.4 security update | |||
| CVE-2025-50081 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-21584 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-21579 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-21585 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-30682 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-21580 | medium | — | 5.5 | 9mo ago | RHSA-2025:16861: mysql:8.0 security update (Moderate) | |||
| CVE-2025-39827 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: net: rose: include node references in rose_neigh refcount Current implementation maintains two separate reference counting mechan… | |||
| CVE-2025-39812 | medium | 5.5 | 5.5 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: sctp: initialize more fields in sctp_v6_from_sk() syzbot found that sin6_scope_id was not properly initialized, leading to undefi… |