CVEs from 2025
- Total 8,928
- critical 1,313
- high 1,950
- medium 1,966
- low 200
- % Critical 14.7%
- % with KEV 2.0%
- % with exploit 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-22025 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfsd: put dl_stid if fail to queue dl_recall Before calling nfsd4_run_cb to queue dl_recall to the callback_wq, we increment the … | |||
| CVE-2025-22021 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the… | |||
| CVE-2025-22019 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bcachefs: bch2_ioctl_subvolume_destroy() fixes bch2_evict_subvolume_inodes() was getting stuck - due to incorrectly pruning the d… | |||
| CVE-2025-22017 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: devlink: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returne… | |||
| CVE-2025-22016 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dpll: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, … | |||
| CVE-2025-22015 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm/migrate: fix shmem xarray update during migration A shmem folio can be either in page cache or in swap cache, but not at the s… | |||
| CVE-2025-22012 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu" There are reports that the pagetable walker cache coherency is n… | |||
| CVE-2025-22010 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup during bt pages loop Driver runs a for-loop when allocating bt pages and mapping them with buffer pages… | |||
| CVE-2025-59798 | unknown | — | — | — | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. | |||
| CVE-2025-22009 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: regulator: dummy: force synchronous probing Sometimes I get a NULL pointer dereference at boot time in kobject_get() with the fol… | |||
| CVE-2025-22011 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ARM: dts: bcm2711: Fix xHCI power-domain During s2idle tests on the Raspberry CM4 the VPU firmware always crashes on xHCI power-d… | |||
| CVE-2025-22008 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: regulator: check that dummy regulator has been probed before using it Due to asynchronous driver probing there is a chance that t… | |||
| CVE-2025-22014 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fix the potential deadlock When some client process A call pdr_add_lookup() to add the look up for the service an… | |||
| CVE-2025-22007 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix error code in chan_alloc_skb_cb() The chan_alloc_skb_cb() function is supposed to return error pointers on error. … | |||
| CVE-2025-22006 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix NAPI registration sequence Registering the interrupts for TX or RX DMA Channels prior to regist… | |||
| CVE-2025-22018 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: atm: Fix NULL pointer dereference When MPOA_cache_impos_rcvd() receives the msg, it can trigger Null Pointer Dereference Vulnerab… | |||
| CVE-2025-22001 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaic_validate_req() These are u64 variables that come from the user via qaic_attach_slice_bo_… | |||
| CVE-2025-22000 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: drop beyond-EOF folios with the right number of refs When an after-split folio is large and needs to be dropped d… | |||
| CVE-2025-21998 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race Since the conversion to using the TZ allocator, the efivars service is … | |||
| CVE-2025-21996 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() On the off chance that command stream passed from userspace via… | |||
| CVE-2025-21995 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix fence reference count leak The last_scheduled fence leaks when an entity is being killed and adding the cleanup ca… | |||
| CVE-2025-21994 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix incorrect validation for num_aces field of smb_acl parse_dcal() validate num_aces to allocate posix_ace_state_array. … | |||
| CVE-2025-21992 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that is no… | |||
| CVE-2025-22003 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix out of bound read in strscpy() source Commit 7fdaf8966aae ("can: ucan: use strscpy() to instead of strncpy()") uni… | |||
| CVE-2025-21990 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags PRT BOs may not have any backing store, so bo->tbo.res… | |||
| CVE-2025-21988 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/netfs/read_collect: add to next->prev_donated If multiple subrequests donate data to the same "next" request (depending on the… | |||
| CVE-2025-21987 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Otherwise an uninitialized value can be returned if amdgpu_res_cleared r… | |||
| CVE-2025-21985 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses [WHAT & HOW] hpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4), but… | |||
| CVE-2025-22002 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfs: Call `invalidate_cache` only if implemented Many filesystems such as NFS and Ceph do not implement the `invalidate_cache` … | |||
| CVE-2025-21982 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xx_gpio_fw devm_kasprintf() calls can return null pointers on failure. But the … | |||
| CVE-2025-21981 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ice: fix memory leak in aRFS after reset Fix aRFS (accelerated Receive Flow Steering) structures memory leak by adding a checker … | |||
| CVE-2025-21989 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .is_two_pixels_per_container Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1,… | |||
| CVE-2025-21980 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sched: address a potential NULL pointer dereference in the GRED scheduler. If kzalloc in gred_init returns a NULL pointer, the co… | |||
| CVE-2025-21975 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: handle errors in mlx5_chains_create_table() In mlx5_chains_create_table(), the return value of mlx5_get_fdb_sub_ns() an… | |||
| CVE-2025-21976 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fbdev: hyperv_fb: Allow graceful removal of framebuffer When a Hyper-V framebuffer device is unbind, hyperv_fb driver tries to re… | |||
| CVE-2025-21972 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: mctp: unshare packets when reassembling Ensure that the frag_list used for reassembly isn't shared with other packets. This … | |||
| CVE-2025-21974 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc() The bnxt_queue_mem_alloc() is called to allocate new queue … | |||
| CVE-2025-21968 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free on hdcp_work [Why] A slab-use-after-free is reported when HDCP is destroyed but the prop… | |||
| CVE-2025-21967 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_free_work_struct ->interim_entry of ksmbd_work could be deleted after oplock is freed. We don'… | |||
| CVE-2025-21978 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/hyperv: Fix address space leak when Hyper-V DRM device is removed When a Hyper-V DRM device is probed, the driver allocates M… | |||
| CVE-2025-21965 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl() If a BPF scheduler provides an invalid CPU (outside the nr_cpu_ids range… | |||
| CVE-2025-21959 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Since commit b36e4523d4d5 ("netfilter: nf_co… | |||
| CVE-2025-21958 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Revert "openvswitch: switch to per-action label counting in conntrack" Currently, ovs_ct_set_labels() is only called for confirme… | |||
| CVE-2025-21960 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() The bnxt_rx_pkt() updates ip_summed value at the end if checksum offloa… | |||
| CVE-2025-21957 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: Fix kernel oops when debug level > 2 A null dereference or oops exception will eventually occur when qla1280.c dri… | |||
| CVE-2025-21955 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent connection release during oplock break notification ksmbd_work could be freed when after connection release. Incre… | |||
| CVE-2025-68265 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin request_queue lifetime The namespaces can access the controller's admin request_queue, and stale references on th… | |||
| CVE-2025-71232 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Free sp in error path to fix system crash System crash seen during load/unload test in a loop, [61110.449331] qla… | |||
| CVE-2025-21956 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign normalized_pix_clk when color depth = 14 [WHY & HOW] A warning message "WARNING: CPU: 4 PID: 459 at ... /… | |||
| CVE-2025-21954 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netmem: prevent TX of unreadable skbs Currently on stable trees we have support for netmem/devmem RX but not TX. It is not safe t… | |||
| CVE-2025-21952 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: HID: corsair-void: Update power supply values with a unified work handler corsair_void_process_receiver can be called from an int… | |||
| CVE-2025-21951 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock There are multiple places from where the recovery wor… | |||
| CVE-2025-64390 | unknown | — | — | 8h ago | A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file. | |||
| CVE-2025-71312 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfs_mount_options leak in ntfs_fill_super() In ntfs_fill_super(), the fc->fs_private pointer is set to NULL withou… | |||
| CVE-2025-71311 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize new folios before use KMSAN reports an uninitialized value in longest_match_std(), invoked from ntfs_compres… | |||
| CVE-2025-71309 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in ni_read_folio_cmpr Syzbot reported a task hung in ni_readpage_cmpr (now ni_read_folio_cmpr). This is ca… | |||
| CVE-2025-71308 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aie_destroy_context() is invoked during error handling i… | |||
| CVE-2025-71307 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug This patch removes the MCU halt and wait for halt procedures durin… | |||
| CVE-2025-71306 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: ima: Fix stack-out-of-bounds in is_bprm_creds_for_exec() KASAN reported a stack-out-of-bounds access in ima_appraise_measurement … | |||
| CVE-2025-71305 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: drm/display/dp_mst: Add protection against 0 vcpi When releasing a timeslot there is a slight chance we may end up with the wrong… | |||
| CVE-2025-71304 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disab… | |||
| CVE-2025-71303 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix race condition when checking rpm_on When autosuspend is triggered, driver rpm_on flag is set to indicate that … | |||
| CVE-2025-14575 | unknown | — | — | 15d ago | An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted syste… | |||
| CVE-2025-54518 | unknown | — | — | 19d ago | This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible. … | |||
| CVE-2025-62188 | unknown | — | — | 2mo ago | Apache DolphinScheduler vulnerable to sensitive information disclosure | |||
| CVE-2025-43534 | unknown | — | — | 2mo ago | iOS 18.7.7 and iPadOS 18.7.7 | |||
| CVE-2025-43376 | unknown | — | — | 2mo ago | iOS 18.7.7 and iPadOS 18.7.7 | |||
| CVE-2025-14524 | unknown | — | — | 2mo ago | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass… | |||
| CVE-2025-64505 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2025-70952 | unknown | — | — | 2mo ago | pf4j is vulnerable to Path Traversal or Zip Slip attack through improper handling of zip entry names | |||
| CVE-2025-59775 | unknown | — | — | 2mo ago | macOS Sonoma 14.8.5 | |||
| CVE-2025-54920 | unknown | — | — | 3mo ago | Apache Spark: Spark History Server Code Execution Vulnerability | |||
| CVE-2025-66249 | unknown | — | — | 3mo ago | Apache Livy: Unauthorized directory access | |||
| CVE-2025-60012 | unknown | — | — | 3mo ago | Apache Livy: Restrict file access | |||
| CVE-2025-66024 | unknown | — | — | 3mo ago | XWiki Blog Application home page vulnerable to Stored XSS via Post Title | |||
| CVE-2025-66168 | unknown | — | — | 3mo ago | Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound | |||
| CVE-2025-15599 | unknown | — | — | 3mo ago | DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext elemen… | |||
| CVE-2025-59060 | unknown | — | — | 3mo ago | Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch | |||
| CVE-2025-59059 | unknown | — | — | 3mo ago | Apache Ranger has a Code Injection vulnerability | |||
| CVE-2025-12150 | unknown | — | — | 3mo ago | Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass | |||
| CVE-2025-13590 | unknown | — | — | 3mo ago | carbon-apimgt does not properly restrict uploaded files | |||
| CVE-2025-66614 | unknown | — | — | 4mo ago | Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were… | |||
| CVE-2025-33042 | unknown | — | — | 4mo ago | Apache Avro Java SDK is Vulnerable to Code Injection | |||
| CVE-2025-11537 | unknown | — | — | 4mo ago | Keycloak logs sensitive headers | |||
| CVE-2025-14778 | unknown | — | — | 4mo ago | Keycloak Affected by Broken Access Control Vulnerability in the UserManagedPermissionService | |||
| CVE-2025-68458 | unknown | — | — | 4mo ago | Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts out… | |||
| CVE-2025-68157 | unknown | — | — | 4mo ago | Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, bu… | |||
| CVE-2025-13881 | unknown | — | — | 4mo ago | Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes | |||
| CVE-2025-14969 | unknown | — | — | 4mo ago | Hibernate Reactive Vulnerable to DoS via Connection Pool Exhaustion | |||
| CVE-2025-27821 | unknown | — | — | 4mo ago | Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability | |||
| CVE-2025-22234 | unknown | — | — | 4mo ago | Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide | |||
| CVE-2025-14083 | unknown | — | — | 4mo ago | Keycloak Admin REST API exposes backend schema and rules | |||
| CVE-2025-14559 | unknown | — | — | 4mo ago | Keycloak services allows the issuance of access and refresh tokens for disabled users | |||
| CVE-2025-64087 | unknown | — | — | 4mo ago | XDocReport affected by a Server-Side Template Injection (SSTI) vulnerability | |||
| CVE-2025-65482 | unknown | — | — | 4mo ago | XDocReport affected by an XML External Entity (XXE) vulnerability | |||
| CVE-2025-59355 | unknown | — | — | 5mo ago | Apache Linkis: Password Exposure | |||
| CVE-2025-29847 | unknown | — | — | 5mo ago | Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass | |||
| CVE-2025-15104 | unknown | — | — | 5mo ago | Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services.… | |||
| CVE-2025-69725 | unknown | — | — | 5mo ago | An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain. | |||
| CVE-2025-71140 | unknown | — | — | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and de… |