VIR Vulnerability Intelligence Relay

CVEs from 2025

9,420 normalized CVEs published or assigned in this year.

Total
9,420
critical
critical 1,301
high
high 1,898
medium
medium 1,910
low
low 193
% Critical
13.8%
% with KEV
1.9%
% with exploit
2.0%

Top vendors

Top products

  • i-educar 80
  • office_long_term_servicing_channel 35
  • office 34
  • best_salon_management_system 33
  • apartment_management_system 30
  • inventory_management_system 28
  • gcp 24
  • online_learning_management_system 21

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2025-7947 high 8.1 8.1 10mo ago A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument …
CVE-2025-7628 high 8.1 8.1 11mo ago A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function deleteFile of the file /dele…
CVE-2025-7079 high 8.1 8.1 11mo ago A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the…
CVE-2025-52813 high 8.1 8.1 11mo ago Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5.
CVE-2025-7060 high 8.1 8.1 11mo ago A vulnerability was found in Monitorr up to 1.7.6m. It has been classified as problematic. This affects an unknown part of the file assets/config/_installation/mkdbajax.php of the component Installer…
CVE-2025-52810 high 8.1 8.1 11mo ago Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1.
CVE-2025-6329 high 8.1 8.1 11mo ago A vulnerability was found in ScriptAndTools Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file userdelete.php of the component Us…
CVE-2025-49454 high 8.1 8.1 1y ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File Inclusion.This issue affects…
CVE-2025-5877 high 8.1 8.1 1y ago A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/Applicatio…
CVE-2025-5139 high 8.1 8.1 1y ago A vulnerability was found in Qualitor 8.20/8.24. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice…
CVE-2025-31633 high 8.1 8.1 1y ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kiamo - Responsive Business Service WordPress Theme allows PHP Local Fi…
CVE-2025-31632 high 8.1 8.1 1y ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SpyroPress La Boom allows PHP Local File Inclusion. This issue affects La Boom…
CVE-2025-39491 high 8.1 8.1 1y ago Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision.
CVE-2025-2338 high 8.1 8.1 1y ago A vulnerability, which was classified as critical, was found in tbeu matio 1.5.28. Affected is the function strdup_vprintf of the file src/io.c. The manipulation leads to heap-based buffer overflow. … debian
CVE-2025-2337 high 8.1 8.1 1y ago A vulnerability, which was classified as critical, has been found in tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of the file src/mat.c. The manipulation leads to heap-based buffer… debian
CVE-2025-23368 high 8.1 8.1 1y ago Wildfly Elytron integration susceptible to brute force attacks via CLI javaredhat
CVE-2025-32802 high 8.0 Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured… archdebiansuse
CVE-2025-49091 high 8.0 KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed r… archdebian
CVE-2025-32801 high 8.0 Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the contr… archdebiansuse
CVE-2025-46803 high 8.0 The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system. archsusedebian
CVE-2025-46802 high 8.0 For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session. archsusedebian
CVE-2025-30232 high 8.0 A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. archdebian
CVE-2025-23395 high 8.0 Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with `roo… archsusedebian
CVE-2025-6170 high 8.0 A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, … archsusedebian
CVE-2025-49795 high 8.0 A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of ser… archsusedebian
CVE-2025-53367 high 8.0 DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerabili… archdebiansuse
CVE-2025-40775 high 8.0 When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an as… debianarchsuse
CVE-2025-46804 high 8.0 A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Scree… archsusedebian
CVE-2025-46805 high 8.0 Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root. archsusedebian
CVE-2025-32803 high 8.0 In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. archdebiansuse
CVE-2025-71089 high 8.0 14h ago In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a f… suseredhatdebian
CVE-2025-38653 high 8.0 14h ago In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may ca… redhatsusedebian
CVE-2025-68183 high 8.0 14h ago In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA … suseredhatdebian
CVE-2025-68366 high 8.0 14h ago In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK:… suseredhatdebian
CVE-2025-11954 high 8.0 8.0 8d ago Cross-Site request forgery (CSRF) vulnerability in Sitemio Information Technologies Trade Ltd. Co. WISECP allows Cross Site Request Forgery. This issue affects WISECP: through 20022026. NOTE: The ve…
CVE-2025-68741 high 8.0 9d ago In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple… redhatsusedebian
CVE-2025-71116 high 8.0 9d ago In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encod… redhatsusedebian
CVE-2025-43457 high 8.0 10d ago Important: webkit2gtk3 security update redhatsusedebian
CVE-2025-55668 high 8.0 10d ago Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Old… redhatsusedebianjava
CVE-2025-43214 high 8.0 10d ago Important: webkit2gtk3 security update redhatsusedebian
CVE-2025-46701 high 8.0 10d ago Apache Tomcat - CGI security constraint bypass archredhatsusedebian+1
CVE-2025-13837 high 8.0 10d ago Important: python3.12 security update redhatsusedebian
CVE-2025-13465 high 8.0 10d ago Important: pcs security update redhatsuserockylinuxdebian+1
CVE-2025-43213 high 8.0 10d ago Important: webkit2gtk3 security update redhatsusedebian
CVE-2025-61726 high 8.0 10d ago Important: image-builder security update rockylinuxredhatdebiansuse+2
CVE-2025-46299 high 8.0 10d ago Important: webkit2gtk3 security update redhatsusedebian
CVE-2025-15284 high 8.0 10d ago Important: linux-sgx security update redhatdebiannpm
CVE-2025-15282 high 8.0 10d ago Important: python3.12 security update redhatsusedebian
CVE-2025-43511 high 8.0 10d ago Important: webkit2gtk3 security update redhatsusedebian
CVE-2025-71261 high 8.0 22d ago Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS golang
CVE-2025-68724 high 8.0 24d ago In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential inte… suseredhatdebian
CVE-2025-40252 high 8.0 24d ago In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() The loops in 'qede_tpa_cont()' and 'qede… susedebian
CVE-2025-15270 high 8.0 2mo ago Important: fontforge security update redhatdebiansuserockylinux
CVE-2025-40096 high 8.0 2mo ago In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies When adding dependencies with drm_sched_job_add_depen… rockylinuxredhatsusedebian
CVE-2025-61731 high 8.0 2mo ago Important: golang security update rockylinuxredhatdebiansuse+2
CVE-2025-67873 high 8.0 2mo ago Important: capstone security update redhatdebiansuserockylinux
CVE-2025-68114 high 8.0 2mo ago Important: capstone security update redhatdebiansuserockylinux
CVE-2025-15568 high 8.0 8.0 3mo ago A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code executi…
CVE-2025-68800 high 8.0 3mo ago In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL)… redhatsuserockylinuxdebian
CVE-2025-69534 high 8.0 3mo ago Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-M… redhatsusedebianpython
CVE-2025-67733 high 8.0 3mo ago Important: valkey security update redhatsuserockylinuxdebian
CVE-2025-38248 high 8.0 3mo ago In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration The bridge maintains a global list of ports behind which a mul… susedebian
CVE-2025-55131 high 8.0 3mo ago Important: nodejs:20 security update rockylinuxredhatsusedebian
CVE-2025-55132 high 8.0 3mo ago Important: nodejs:20 security update rockylinuxredhatsusedebian
CVE-2025-59466 high 8.0 3mo ago Important: nodejs:20 security update rockylinuxredhatsusedebian
CVE-2025-55130 high 8.0 3mo ago Important: nodejs:24 security update rockylinuxredhatsusedebian
CVE-2025-59465 high 8.0 3mo ago Important: nodejs:20 security update rockylinuxredhatsusedebian
CVE-2025-15059 high 8.0 3mo ago Important: gimp security update redhatdebiansuserockylinux
CVE-2025-61728 high 8.0 3mo ago Important: osbuild-composer security update rockylinuxredhatdebiansuse+2
CVE-2025-61732 high 8.0 3mo ago Important: golang security update rockylinuxredhatdebiansuse+2
CVE-2025-40064 high 8.0 3mo ago In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __pnet_find_base_ndev(). syzbot reported use-after-free of net_device in __pnet_find_base_ndev(), whic… redhatsuserockylinuxdebian
CVE-2025-15275 high 8.0 4mo ago Important: fontforge security update redhatdebiansuserockylinux
CVE-2025-15279 high 8.0 4mo ago Important: fontforge security update redhatdebiansuserockylinux
CVE-2025-15269 high 8.0 4mo ago Important: fontforge security update redhatdebiansuserockylinux
CVE-2025-69971 high 8.0 4mo ago FUXA has a hardcoded fallback JWT signing secret npm
CVE-2025-66199 high 8.0 4mo ago Important: openssl security update redhatsuserockylinuxdebian
CVE-2025-11187 high 8.0 4mo ago Important: openssl security update redhatsuserockylinuxdebian
CVE-2025-15468 high 8.0 4mo ago Important: openssl security update redhatsuserockylinuxdebian
CVE-2025-15469 high 8.0 4mo ago Important: openssl security update redhatsuserockylinuxdebian
CVE-2025-14178 high 8.0 4mo ago Important: php:8.2 security update rockylinuxalmalinuxredhatsuse+1
CVE-2025-14180 high 8.0 4mo ago Important: php:8.2 security update rockylinuxredhatalmalinuxsuse+1
CVE-2025-66418 high 8.0 4mo ago Important: python-urllib3 security update rockylinuxredhatsusedebian+1
CVE-2025-68305 high 8.0 4mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and so… redhatsuserockylinuxdebian
CVE-2025-68301 high 8.0 4mo ago In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17… rockylinuxredhatsusedebian
CVE-2025-38349 high 8.0 4mo ago In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out that epoll is decrementing the ep re… redhatsuserockylinuxdebian
CVE-2025-38731 high 8.0 4mo ago In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vm_bind_ioctl double free bug If the argument check during an array bind fails, the bind_ops are freed twice as seen … redhatsuserockylinuxdebian
CVE-2025-38141 high 8.0 4mo ago In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that… redhatsuserockylinuxdebian
CVE-2025-40294 high 8.0 4mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() In the parse_adv_monitor_pattern() function, the value of the 'len… redhatsuserockylinuxdebian
CVE-2025-40248 high 8.0 4mo ago In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an… rockylinuxredhatsusedebian
CVE-2025-14422 high 8.0 4mo ago Important: gimp security update rockylinuxredhatdebiansuse
CVE-2025-61729 high 8.0 4mo ago Important: osbuild-composer security update rockylinuxredhatdebiansuse+2
CVE-2025-14424 high 8.0 4mo ago Important: gimp security update redhatdebiansuserockylinux
CVE-2025-14423 high 8.0 4mo ago Important: gimp security update redhatdebiansuserockylinux
CVE-2025-14425 high 8.0 4mo ago Important: gimp security update redhatdebiansuserockylinux
CVE-2025-38051 high 8.0 4mo ago In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free in cifs_fill_dirent There is a race condition in the readdir concurrency process, which may acces… rockylinuxsusedebian
CVE-2025-66566 high 8.0 4mo ago yawkat LZ4 Java has a possible information leak in Java safe decompressor redhatrockylinuxdebianjava
CVE-2025-67269 high 8.0 4mo ago Important: gpsd-minimal security update redhatdebianrockylinux
CVE-2025-68285 high 8.0 4mo ago In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client r… rockylinuxredhatsusedebian
CVE-2025-39933 high 8.0 4mo ago In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes. rockylinuxredhatsusedebian
CVE-2025-38703 high 8.0 4mo ago In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports… redhatsuserockylinuxdebian