CVEs from 2025

9,418 normalized CVEs published or assigned in this year.

  • Total: 9,418
  • Critical: 1,301
  • High: 1,907
  • Medium: 1,905
  • Low: 193
  • % Critical: 13.8%
  • % with KEV: 1.9%
  • % with exploit: 2.0%

Top products

  • i-educar 80
  • office_long_term_servicing_channel 35
  • office 34
  • best_salon_management_system 33
  • apartment_management_system 30
  • inventory_management_system 28
  • gcp 24
  • online_learning_management_system 21
CVE Severity CVSS Risk Published Description Impact
CVE-2025-71272 medium 5.5 5.5 22d ago In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in most_register_interface error paths The function most_register_interface() did not correctly rel… susedebianlinux
CVE-2025-71271 medium 5.5 5.5 22d ago In the Linux kernel, the following vulnerability has been resolved: hfsplus: ensure sb->s_fs_info is always cleaned up When hfsplus was converted to the new mount api a bug was introduced by changi… susedebianlinux
CVE-2025-47406 medium 5.5 5.5 24d ago Information Disclosure while processing IOCTL handler callbacks without verifying buffer size.
CVE-2025-36335 medium 5.5 5.5 28d ago IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user. ibm
CVE-2025-62233 medium 5.5 1mo ago Apache DolphinScheduler RPC module has a Deserialization of Untrusted Data vulnerability java
CVE-2025-65116 medium 5.5 5.5 2mo ago Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Man…
CVE-2025-48651 medium 5.5 5.5 2mo ago In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no …
CVE-2025-38109 medium 5.5 2mo ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix ECVF vports unload on shutdown flow Fix shutdown flow UAF when a virtual function is created on the embedded chip (… redhatsusedebianalmalinux
CVE-2025-71238 medium 5.5 2mo ago In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page f… susedebian
CVE-2025-10158 medium 5.5 2mo ago Moderate: rsync security update rockylinuxredhatsusedebian+1
CVE-2025-40096 medium 5.5 2mo ago In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies When adding dependencies with drm_sched_job_add_depen… rockylinuxredhatsusedebian+1
CVE-2025-38180 medium 5.5 2mo ago In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_p… rockylinuxredhatsusedebian+1
CVE-2025-71270 medium 5.5 5.5 2mo ago In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable exception fixup for specific ADE subcode This patch allows the LoongArch BPF JIT to handle recoverable memory a… susedebianlinux
CVE-2025-71269 medium 5.5 5.5 2mo ago In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reservation in fallback from inline due to -ENOSPC If we fail to create an inline extent due to -ENOSPC, … susedebianlinux
CVE-2025-71268 medium 5.5 5.5 2mo ago In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a path or join a transaction,… susedebianlinux
CVE-2025-71267 medium 5.5 5.5 2mo ago In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST We found an infinite loop bug in the ntfs3 file system that can le… susedebianlinux
CVE-2025-71266 medium 5.5 5.5 2mo ago In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check return value of indx_find to avoid infinite loop We found an infinite loop bug in the ntfs3 file system that can… susedebianlinux
CVE-2025-71265 medium 5.5 5.5 2mo ago In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata We found an infinite loop bug in the ntfs3 file sys… susedebianlinux
CVE-2025-71239 medium 5.5 5.5 2mo ago In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2() to change attributes class fchmodat2(), introduced in version 6.6 is currently not in the change attribute… susedebianlinux
CVE-2025-39818 medium 5.5 2mo ago In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer (&dev->i2c_sub… redhatsuserockylinuxdebian+1
CVE-2025-15366 medium 5.5 3mo ago Moderate: python3.11 security update rockylinuxredhatdebiansuse+1
CVE-2025-15367 medium 5.5 3mo ago Moderate: python3.11 security update rockylinuxredhatdebiansuse+1
CVE-2025-68800 medium 5.5 3mo ago In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL)… redhatsuserockylinuxdebian+1
CVE-2025-38106 medium 5.5 3mo ago In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrus… redhatsusedebianalmalinux
CVE-2025-12801 medium 5.5 3mo ago Moderate: nfs-utils security update rockylinuxredhatsusedebian+1
CVE-2025-40168 medium 5.5 3mo ago In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not … rockylinuxredhatsusedebian+1
CVE-2025-71085 medium 5.5 3mo ago In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at… rockylinuxredhatsusedebian+1
CVE-2025-14905 medium 5.5 3mo ago Moderate: 389-ds-base security update debianrockylinuxredhatsuse+1
CVE-2025-38206 medium 5.5 3mo ago In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() e… redhatsusedebianalmalinux
CVE-2025-38129 medium 5.5 3mo ago In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-… redhatsusedebianalmalinux
CVE-2025-15281 medium 5.5 3mo ago Moderate: glibc security update rockylinuxredhatdebiansuse+2
CVE-2025-40322 medium 5.5 3mo ago In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bit_putcs* bit_putcs_aligned()/unaligned() derived the glyph pointer from the characte… rockylinuxredhatsusedebian+1
CVE-2025-40064 medium 5.5 3mo ago In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __pnet_find_base_ndev(). syzbot reported use-after-free of net_device in __pnet_find_base_ndev(), whic… redhatsuserockylinuxdebian+1
CVE-2025-68349 medium 5.5 3mo ago In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call sta… rockylinuxredhatsusedebian+1
CVE-2025-68811 medium 5.5 3mo ago In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rc_pageoff for memcpy byte offset svc_rdma_copy_inline_range added rc_curpage (page index) to the page base instead … redhatsuserockylinuxdebian+1
CVE-2025-40304 medium 5.5 3mo ago In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer bound… rockylinuxredhatsusedebian+1
CVE-2025-41117 medium 5.5 4mo ago Grafana has a Cross-site Scripting issue susegolang
CVE-2025-43403 medium 5.5 5.5 4mo ago An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An app may be able to access sensitive user data. macos
CVE-2025-15572 medium 5.5 5.5 4mo ago A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has b…
CVE-2025-15571 medium 5.5 5.5 4mo ago A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference… debian
CVE-2025-40135 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_xmit() Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF. rockylinuxredhatsusedebian+2
CVE-2025-38415 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sb_min_blocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug. Sy… rockylinuxredhatsusedebian+1
CVE-2025-38403 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport… rockylinuxredhatsusedebian+1
CVE-2025-40271 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which m… rockylinuxredhatsusedebian+1
CVE-2025-40269 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio driver is transferred over USB UR… rockylinuxredhatsusedebian+1
CVE-2025-38459 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP… rockylinuxredhatsusedebian+1
CVE-2025-40318 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once hci_cmd_sync_dequeue_once() does lookup and then cancel the entry unde… redhatsuserockylinuxdebian+1
CVE-2025-38022 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem Call Trace: __dump_stack lib/dump_stack.c:94 [in… rockylinuxredhatsusedebian+1
CVE-2025-40141 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix possible UAF on iso_conn_free This attempt to fix similar issue to sco_conn_free where if the conn->sk is not… redhatsuserockylinuxdebian+1
CVE-2025-40158 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_r… rockylinuxredhatsusedebian+1
CVE-2025-38024 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] d… rockylinuxredhatsusedebian+1
CVE-2025-38730 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution contex… redhatsuserockylinuxdebian+1
CVE-2025-37819 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci… redhatsuserockylinuxdebian+1
CVE-2025-37789 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is sm… redhatsuserockylinuxdebian+1
CVE-2025-40170 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size().… rockylinuxredhatsusedebian+1
CVE-2025-15564 medium 5.5 5.5 4mo ago A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod<...>::operator of the file src/value.cpp. The manipulation leads to divide by zero. T… debian
CVE-2025-14104 medium 5.5 4mo ago Moderate: util-linux security update rockylinuxredhatsusedebian+1
CVE-2025-40154 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt56… rockylinuxredhatsusedebian+1
CVE-2025-40251 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy The function devl_rate_nodes_destroy is documented to "Unset paren… redhatsuserockylinuxdebian+1
CVE-2025-38568 medium 5.5 4mo ago In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(… redhatsuserockylinuxdebian+1
CVE-2025-54349 medium 5.5 4mo ago Moderate: iperf3 security update rockylinuxredhatdebiansuse
CVE-2025-9086 medium 5.5 4mo ago Moderate: curl security update rockylinuxredhatdebiansuse
CVE-2025-12084 medium 5.5 4mo ago Moderate: python3.9 security update rockylinuxredhatdebiansuse+1
CVE-2025-67725 medium 5.5 4mo ago Moderate: pcs security update rockylinuxsusedebian
CVE-2025-67726 medium 5.5 4mo ago Moderate: pcs security update rockylinuxsusedebian
CVE-2025-15537 medium 5.5 5.5 4mo ago A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to… debian
CVE-2025-15536 medium 5.5 5.5 4mo ago A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes he… susedebiannpm
CVE-2025-46397 medium 5.5 4mo ago Moderate: transfig security update rockylinuxredhatdebiansuse
CVE-2025-14242 medium 5.5 5mo ago Moderate: vsftpd security update rockylinuxredhatsusedebian
CVE-2025-12817 medium 5.5 5mo ago Moderate: postgresql:16 security update rockylinuxredhatsusedebian+1
CVE-2025-12818 medium 5.5 5mo ago Moderate: postgresql:16 security update rockylinuxredhatsusedebian+1
CVE-2025-39840 medium 5.5 5mo ago In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single… redhatsuserockylinuxdebian+1
CVE-2025-40240 medium 5.5 5mo ago In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supp… rockylinuxredhatsusedebian+1
CVE-2025-39883 medium 5.5 5mo ago In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory When I did memory failure tests, below panic occur… rockylinuxredhatsusedebian+1
CVE-2025-15504 medium 5.5 5.5 5mo ago LIEF is vulnerable to segmentation fault pythonrust
CVE-2025-58436 medium 5.5 5mo ago Moderate: cups security update rockylinuxredhatdebiansuse+1
CVE-2025-61915 medium 5.5 5mo ago Moderate: cups security update rockylinuxredhatdebiansuse+1
CVE-2025-32365 medium 5.5 5mo ago Moderate: poppler security update rockylinuxredhatsusedebian+1
CVE-2025-45582 medium 5.5 5mo ago Moderate: tar security update redhatsuserockylinux
CVE-2025-15419 medium 5.5 5.5 5mo ago A weakness has been identified in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c of the component GTPv2-C Flow …
CVE-2025-15418 medium 5.5 5.5 5mo ago A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE L…
CVE-2025-15417 medium 5.5 5.5 5mo ago A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such…
CVE-2025-14957 medium 5.5 5.5 5mo ago A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builde… debian
CVE-2025-8291 medium 5.5 5mo ago Moderate: python3.9 security update rockylinuxredhatalmalinuxdebian+1
CVE-2025-6075 medium 5.5 5mo ago Moderate: python3.9 security update rockylinuxalmalinuxredhatsuse+1
CVE-2025-6069 medium 5.5 5mo ago Moderate: python3.9 security update rockylinuxredhatdebiansuse+1
CVE-2025-5987 medium 5.5 5mo ago Moderate: libssh security update redhatdebiansuserockylinux
CVE-2025-38499 medium 5.5 5.5 5mo ago In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone wo… redhatsuserockylinuxdebian+2
CVE-2025-61985 medium 5.5 5mo ago Moderate: openssh security update rockylinuxredhatsusedebian
CVE-2025-61984 medium 5.5 5mo ago Moderate: openssh security update rockylinuxredhatsusedebian
CVE-2025-53054 medium 5.5 6mo ago Moderate: mysql:8.4 security update rockylinuxredhatdebianalmalinux
CVE-2025-53053 medium 5.5 6mo ago Moderate: mysql:8.4 security update rockylinuxredhatdebianalmalinux
CVE-2025-53045 medium 5.5 6mo ago Moderate: mysql:8.4 security update rockylinuxredhatdebianalmalinux
CVE-2025-53044 medium 5.5 6mo ago Moderate: mysql:8.4 security update rockylinuxredhatdebianalmalinux
CVE-2025-53069 medium 5.5 6mo ago Moderate: mysql:8.4 security update rockylinuxredhatdebianalmalinux
CVE-2025-53062 medium 5.5 6mo ago Moderate: mysql:8.4 security update rockylinuxredhatdebianalmalinux
CVE-2025-53042 medium 5.5 6mo ago Moderate: mysql:8.4 security update rockylinuxredhatdebianalmalinux
CVE-2025-53040 medium 5.5 6mo ago Moderate: mysql:8.4 security update rockylinuxredhatdebianalmalinux
CVE-2025-39925 medium 5.5 6mo ago In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEV_UNREGISTER notification handler syzbot is reporting unregister_netdevice: waiting for vcan0 to be… redhatsuserockylinuxdebian+1
CVE-2025-39979 medium 5.5 6mo ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace [1] caused by releasing an HWS action of a local flow counter in… redhatsuserockylinuxdebian+1