CVEs from 2025
Total
8,834
critical
critical 1,313
high
high 1,950
medium
medium 1,966
low
low 200
% Critical
14.9%
% with KEV
2.1%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-40181 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the l… | |||
| CVE-2025-32728 | unknown | — | — | — | In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. | |||
| CVE-2025-26466 | unknown | — | — | — | A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the serve… | |||
| CVE-2025-12781 | unknown | — | — | — | When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars"… | |||
| CVE-2025-40247 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix pgtable prealloc error path The following splat was reported: Unable to handle kernel NULL pointer dereference … | |||
| CVE-2025-40265 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: vfat: fix missing sb_min_blocksize() return value checks When emulating an nvme device on qemu with both logical_block_size and p… | |||
| CVE-2025-40323 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fbcon: Set fb_display[i]->mode to NULL when the mode is released Recently, we discovered the following issue through syzkaller: … | |||
| CVE-2025-40321 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Currently, whenever there is a need to transmit an Ac… | |||
| CVE-2025-40336 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/gpusvm: fix hmm_pfn_to_map_order() usage Handle the case where the hmm range partially covers a huge page (like 2M), otherwis… | |||
| CVE-2025-53630 | unknown | — | — | — | llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability … | |||
| CVE-2025-30189 | unknown | — | — | — | When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logi… | |||
| CVE-2025-10729 | unknown | — | — | — | The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free. | |||
| CVE-2025-21637 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udp_port: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure … | |||
| CVE-2025-21654 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ovl: support encoding fid from inode with no alias Dmitry Safonov reported that a WARN_ON() assertion can be trigered by userspac… | |||
| CVE-2025-21657 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass() scx_ops_bypass() iterates all CPUs to re-enqueue all the s… | |||
| CVE-2025-21661 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix missing lookup table cleanups When a virtuser device is created via configfs and the probe fails due to an in… | |||
| CVE-2025-21675 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clear port select structure when fail to create Clear the port select structure on error so no stale values left after … | |||
| CVE-2025-21679 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: add the missing error handling inside get_canonical_dev_path Inside function get_canonical_dev_path(), we call d_path() to… | |||
| CVE-2025-21792 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt If an AX25 device is bound to a socket by setting the SO_BINDTO… | |||
| CVE-2025-21793 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: spi: sn-f-ospi: Fix division by zero When there is no dummy cycle in the spi-nor commands, both dummy bus cycle bytes and width a… | |||
| CVE-2025-21802 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix oops when unload drivers paralleling When unload hclge driver, it tries to disable sriov first for each ae_dev nod… | |||
| CVE-2025-21797 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: HID: corsair-void: Add missing delayed work cancel for headset status The cancel_delayed_work_sync() call was missed, causing a u… | |||
| CVE-2025-21804 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() The rcar_pcie_parse_outbound_ranges() uses the d… | |||
| CVE-2025-21868 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: allow small head cache usage with large MAX_SKB_FRAGS values Sabrina reported the following splat: WARNING: CPU: 0 PID:… | |||
| CVE-2025-21884 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: better track kernel sockets lifetime While kernel sockets are dismantled during pernet_operations->exit(), their freeing can… | |||
| CVE-2025-21871 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix supplicant wait loop OP-TEE supplicant is a user-space daemon and it's possible for it be hung or crashed or kill… | |||
| CVE-2025-21878 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: npcm: disable interrupt enable bit before devm_request_irq The customer reports that there is a soft lockup issue related to… | |||
| CVE-2025-21881 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: uprobes: Reject the shared zeropage in uprobe_write_opcode() We triggered the following crash in syzkaller tests: BUG: Bad pag… | |||
| CVE-2025-21889 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: perf/core: Add RCU read lock protection to perf_iterate_ctx() The perf_iterate_ctx() function performs RCU list traversal but cur… | |||
| CVE-2025-21882 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix vport QoS cleanup on error When enabling vport QoS fails, the scheduling node was never freed, causing a leak. Add… | |||
| CVE-2025-21892 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring tasks d… | |||
| CVE-2025-21896 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fuse: revert back to __readahead_folio() for readahead In commit 3eab9d7bc2f4 ("fuse: convert readahead to use folios"), the logi… | |||
| CVE-2025-21895 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Syskaller triggers a warning due to prev_epc->pmu != ne… | |||
| CVE-2025-21903 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mctp i3c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case the tx packet s… | |||
| CVE-2025-21901 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add sanity checks on rdev validity There is a possibility that ulp_irq_stop and ulp_irq_start callbacks will be cal… | |||
| CVE-2025-38223 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ceph: avoid kernel BUG for encrypted inode with unaligned file size The generic/397 test hits a BUG_ON for the case of encrypted … | |||
| CVE-2025-40152 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix bootup splat with separate_gpu_drm modparam The drm_gem_for_each_gpuvm_bo() call from lookup_vma() accesses drm_gem_… | |||
| CVE-2025-38592 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_devcd_dump: fix out-of-bounds via dev_coredumpv Currently both dev_coredumpv and skb_put_data in hci_devcd_dump us… | |||
| CVE-2025-38276 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fix "don't skip locked entries when scanning entries" Commit 6be3e21d25ca ("fs/dax: don't skip locked entries when scanni… | |||
| CVE-2025-68175 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: Fix streaming cleanup on release The current implementation unconditionally calls mxc_isi_video_cleanup_str… | |||
| CVE-2025-68790 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix double unregister of HCA_PORTS component Clear hca_devcom_comp in device's private data after unregistering it in L… | |||
| CVE-2025-71133 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdma_net_event irdma_net_event() should not dereference anything from "neigh" (alias "ptr") un… | |||
| CVE-2025-64390 | unknown | — | — | 10h ago | A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file. | |||
| CVE-2025-71312 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfs_mount_options leak in ntfs_fill_super() In ntfs_fill_super(), the fc->fs_private pointer is set to NULL withou… | |||
| CVE-2025-71311 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize new folios before use KMSAN reports an uninitialized value in longest_match_std(), invoked from ntfs_compres… | |||
| CVE-2025-71309 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in ni_read_folio_cmpr Syzbot reported a task hung in ni_readpage_cmpr (now ni_read_folio_cmpr). This is ca… | |||
| CVE-2025-71308 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aie_destroy_context() is invoked during error handling i… | |||
| CVE-2025-71307 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug This patch removes the MCU halt and wait for halt procedures durin… | |||
| CVE-2025-71306 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: ima: Fix stack-out-of-bounds in is_bprm_creds_for_exec() KASAN reported a stack-out-of-bounds access in ima_appraise_measurement … | |||
| CVE-2025-71305 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: drm/display/dp_mst: Add protection against 0 vcpi When releasing a timeslot there is a slight chance we may end up with the wrong… | |||
| CVE-2025-71304 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disab… | |||
| CVE-2025-71303 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix race condition when checking rpm_on When autosuspend is triggered, driver rpm_on flag is set to indicate that … | |||
| CVE-2025-14575 | unknown | — | — | 15d ago | An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted syste… | |||
| CVE-2025-54518 | unknown | — | — | 19d ago | <p>This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible.</p> <p>… | |||
| CVE-2025-62188 | unknown | — | — | 2mo ago | Apache DolphinScheduler vulnerable to sensitive information disclosure | |||
| CVE-2025-43376 | unknown | — | — | 2mo ago | iOS 18.7.7 and iPadOS 18.7.7 | |||
| CVE-2025-14524 | unknown | — | — | 2mo ago | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass… | |||
| CVE-2025-43534 | unknown | — | — | 2mo ago | iOS 18.7.7 and iPadOS 18.7.7 | |||
| CVE-2025-64505 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2025-70952 | unknown | — | — | 2mo ago | pf4j is vulnerable to Path Traversal or Zip Slip attack through improper handling of zip entry names | |||
| CVE-2025-59775 | unknown | — | — | 2mo ago | macOS Sonoma 14.8.5 | |||
| CVE-2025-54920 | unknown | — | — | 3mo ago | Apache Spark: Spark History Server Code Execution Vulnerability | |||
| CVE-2025-60012 | unknown | — | — | 3mo ago | Apache Livy: Restrict file access | |||
| CVE-2025-66249 | unknown | — | — | 3mo ago | Apache Livy: Unauthorized directory access | |||
| CVE-2025-66024 | unknown | — | — | 3mo ago | XWiki Blog Application home page vulnerable to Stored XSS via Post Title | |||
| CVE-2025-66168 | unknown | — | — | 3mo ago | Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound | |||
| CVE-2025-15599 | unknown | — | — | 3mo ago | DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext elemen… | |||
| CVE-2025-59060 | unknown | — | — | 3mo ago | Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch | |||
| CVE-2025-59059 | unknown | — | — | 3mo ago | Apache Ranger has a Code Injection vulnerability | |||
| CVE-2025-12150 | unknown | — | — | 3mo ago | Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass | |||
| CVE-2025-13590 | unknown | — | — | 3mo ago | carbon-apimgt does not properly restrict uploaded files | |||
| CVE-2025-66614 | unknown | — | — | 4mo ago | Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were… | |||
| CVE-2025-33042 | unknown | — | — | 4mo ago | Apache Avro Java SDK is Vulnerable to Code Injection | |||
| CVE-2025-47911 | unknown | — | — | 4mo ago | The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted H… | |||
| CVE-2025-11537 | unknown | — | — | 4mo ago | Keycloak logs sensitive headers | |||
| CVE-2025-14778 | unknown | — | — | 4mo ago | Keycloak Affected by Broken Access Control Vulnerability in the UserManagedPermissionService | |||
| CVE-2025-68458 | unknown | — | — | 4mo ago | Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts out… | |||
| CVE-2025-68157 | unknown | — | — | 4mo ago | Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, bu… | |||
| CVE-2025-58190 | unknown | — | — | 4mo ago | The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML … | |||
| CVE-2025-13881 | unknown | — | — | 4mo ago | Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes | |||
| CVE-2025-14969 | unknown | — | — | 4mo ago | Hibernate Reactive Vulnerable to DoS via Connection Pool Exhaustion | |||
| CVE-2025-27821 | unknown | — | — | 4mo ago | Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability | |||
| CVE-2025-22234 | unknown | — | — | 4mo ago | Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide | |||
| CVE-2025-14083 | unknown | — | — | 4mo ago | Keycloak Admin REST API exposes backend schema and rules | |||
| CVE-2025-14559 | unknown | — | — | 4mo ago | Keycloak services allows the issuance of access and refresh tokens for disabled users | |||
| CVE-2025-64087 | unknown | — | — | 4mo ago | XDocReport affected by a Server-Side Template Injection (SSTI) vulnerability | |||
| CVE-2025-65482 | unknown | — | — | 4mo ago | XDocReport affected by an XML External Entity (XXE) vulnerability | |||
| CVE-2025-59355 | unknown | — | — | 5mo ago | Apache Linkis: Password Exposure | |||
| CVE-2025-29847 | unknown | — | — | 5mo ago | Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass | |||
| CVE-2025-15104 | unknown | — | — | 5mo ago | Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services.… | |||
| CVE-2025-69725 | unknown | — | — | 5mo ago | An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain. | |||
| CVE-2025-71140 | unknown | — | — | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and de… | |||
| CVE-2025-66169 | unknown | — | — | 5mo ago | Apache Camel camel-neo4j component is vulnerable to cypher injection | |||
| CVE-2025-68931 | unknown | — | — | 5mo ago | Jervis's AES CBC Mode is Without Authentication | |||
| CVE-2025-68925 | unknown | — | — | 5mo ago | Jervis Has a JWT Algorithm Confusion Vulnerability | |||
| CVE-2025-68704 | unknown | — | — | 5mo ago | Jervis Has Weak Random for Timing Attack Mitigation | |||
| CVE-2025-68703 | unknown | — | — | 5mo ago | Jervis's Salt for PBKDF2 derived from password | |||
| CVE-2025-68702 | unknown | — | — | 5mo ago | Jervis Has a SHA-256 Hex String Padding Bug | |||
| CVE-2025-68701 | unknown | — | — | 5mo ago | Jervis has Deterministic AES IV Derivation from Passphrase | |||
| CVE-2025-68698 | unknown | — | — | 5mo ago | Jervis Has a RSA PKCS#1 Padding Vulnerability |