CVEs from 2025
- Total: 9,172
- Critical: 1,302
- High: 1,903
- Medium: 1,917
- Low: 193
- % Critical: 14.2%
- % with KEV: 2.0%
- % with exploit: 2.2%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-67268 | high | — | 8.0 | 4mo ago | Important: gpsd-minimal security update | |||
| CVE-2025-68287 | high | — | 8.0 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths This patch addresses a race condition caused b… | |||
| CVE-2025-68285 | high | — | 8.0 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client r… | |||
| CVE-2025-67269 | high | — | 8.0 | 4mo ago | Important: gpsd-minimal security update | |||
| CVE-2025-66566 | high | — | 8.0 | 4mo ago | yawkat LZ4 Java has a possible information leak in Java safe decompressor | |||
| CVE-2025-38703 | high | — | 8.0 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports… | |||
| CVE-2025-39933 | high | — | 8.0 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes. | |||
| CVE-2025-68615 | high | — | 8.0 | 5mo ago | Important: net-snmp security update | |||
| CVE-2025-68973 | high | — | 8.0 | 5mo ago | Important: gnupg2 security update | |||
| CVE-2025-14327 | high | — | 8.0 | 5mo ago | Important: thunderbird security update | |||
| CVE-2025-14523 | high | — | 8.0 | 5mo ago | Important: libsoup security update | |||
| CVE-2025-47913 | high | — | 8.0 | 5mo ago | Important: podman security update | |||
| CVE-2025-39993 | high | — | 8.0 | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in __create_pipe in… | |||
| CVE-2025-66293 | high | — | 8.0 | 5mo ago | RHSA-2026:9686: java-17-openjdk security update (Important) | |||
| CVE-2025-64720 | high | — | 8.0 | 5mo ago | Important: java-25-openjdk security update | |||
| CVE-2025-65018 | high | — | 8.0 | 5mo ago | Important: java-25-openjdk security update | |||
| CVE-2025-13699 | high | — | 8.0 | 5mo ago | Important: mariadb:10.5 security update | |||
| CVE-2025-66200 | high | — | 8.0 | 5mo ago | Important: httpd security update | |||
| CVE-2025-58098 | high | — | 8.0 | 5mo ago | Important: httpd security update | |||
| CVE-2025-65082 | high | — | 8.0 | 5mo ago | Important: httpd security update | |||
| CVE-2025-26625 | high | — | 8.0 | 5mo ago | Important: git-lfs security update | |||
| CVE-2025-55753 | high | — | 8.0 | 5mo ago | Important: mod_md security update | |||
| CVE-2025-68156 | high | — | 8.0 | 5mo ago | Important: opentelemetry-collector security update | |||
| CVE-2025-6491 | high | — | 8.0 | 5mo ago | Important: php:8.2 security update | |||
| CVE-2025-43531 | high | — | 8.0 | 5mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43535 | high | — | 8.0 | 5mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43501 | high | — | 8.0 | 5mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43536 | high | — | 8.0 | 5mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-1735 | high | — | 8.0 | 5mo ago | Important: php:8.2 security update | |||
| CVE-2025-43541 | high | — | 8.0 | 5mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-1220 | high | — | 8.0 | 5mo ago | Important: php:8.2 security update | |||
| CVE-2025-39966 | high | — | 8.0 | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations release() synchronously, it puts… | |||
| CVE-2025-4516 | high | — | 8.0 | 5mo ago | There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To… | |||
| CVE-2025-40176 | high | — | 8.0 | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tls_strp_msg_hold fails Async decryption calls tls_strp_msg_hold to create a clone of … | |||
| CVE-2025-13609 | high | — | 8.0 | 6mo ago | Important: keylime security update | |||
| CVE-2025-13499 | high | — | 8.0 | 6mo ago | Important: wireshark security update | |||
| CVE-2025-14321 | high | — | 8.0 | 6mo ago | Important: firefox security update | |||
| CVE-2025-14324 | high | — | 8.0 | 6mo ago | Important: firefox security update | |||
| CVE-2025-14331 | high | — | 8.0 | 6mo ago | Important: firefox security update | |||
| CVE-2025-14328 | high | — | 8.0 | 6mo ago | Important: firefox security update | |||
| CVE-2025-14329 | high | — | 8.0 | 6mo ago | Important: firefox security update | |||
| CVE-2025-14333 | high | — | 8.0 | 6mo ago | Important: firefox security update | |||
| CVE-2025-14323 | high | — | 8.0 | 6mo ago | Important: firefox security update | |||
| CVE-2025-14330 | high | — | 8.0 | 6mo ago | Important: firefox security update | |||
| CVE-2025-14322 | high | — | 8.0 | 6mo ago | Important: firefox security update | |||
| CVE-2025-14325 | high | — | 8.0 | 6mo ago | Important: firefox security update | |||
| CVE-2025-31651 | high | — | 8.0 | 6mo ago | Apache Tomcat Rewrite rule bypass | |||
| CVE-2025-14229 | high | 8.0 | 8.0 | 6mo ago | A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads t… | |||
| CVE-2025-43440 | high | — | 8.0 | 6mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43431 | high | — | 8.0 | 6mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43429 | high | — | 8.0 | 6mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43421 | high | — | 8.0 | 6mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-13502 | high | — | 8.0 | 6mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43433 | high | — | 8.0 | 6mo ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS … | |||
| CVE-2025-66287 | high | — | 8.0 | 6mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43427 | high | — | 8.0 | 6mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43430 | high | — | 8.0 | 6mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43443 | high | — | 8.0 | 6mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43434 | high | — | 8.0 | 6mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43441 | high | — | 8.0 | 6mo ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processi… | |||
| CVE-2025-43425 | high | — | 8.0 | 6mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43458 | high | — | 8.0 | 6mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43392 | high | — | 8.0 | 6mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43432 | high | — | 8.0 | 6mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-13947 | high | — | 8.0 | 6mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43438 | high | — | 8.0 | 6mo ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watc… | |||
| CVE-2025-66471 | high | — | 8.0 | 6mo ago | Important: resource-agents security update | |||
| CVE-2025-65637 | high | — | 8.0 | 6mo ago | Important: container-tools:rhel8 security update | |||
| CVE-2025-12744 | high | — | 8.0 | 6mo ago | Important: abrt security update | |||
| CVE-2025-39981 | high | — | 8.0 | 6mo ago | Important: kernel-rt security update | |||
| CVE-2025-10924 | high | — | 8.0 | 6mo ago | Important: gimp security update | |||
| CVE-2025-10921 | high | — | 8.0 | 6mo ago | Important: gimp security update | |||
| CVE-2025-10920 | high | — | 8.0 | 6mo ago | Important: gimp security update | |||
| CVE-2025-10925 | high | — | 8.0 | 6mo ago | Important: gimp security update | |||
| CVE-2025-10923 | high | — | 8.0 | 6mo ago | Important: gimp security update | |||
| CVE-2025-10934 | high | — | 8.0 | 6mo ago | Important: gimp security update | |||
| CVE-2025-10922 | high | — | 8.0 | 6mo ago | Important: gimp security update | |||
| CVE-2025-11230 | high | — | 8.0 | 6mo ago | Important: haproxy security update | |||
| CVE-2025-13020 | high | — | 8.0 | 7mo ago | Important: firefox security update | |||
| CVE-2025-13018 | high | — | 8.0 | 7mo ago | Important: firefox security update | |||
| CVE-2025-13015 | high | — | 8.0 | 7mo ago | Important: firefox security update | |||
| CVE-2025-13014 | high | — | 8.0 | 7mo ago | Important: firefox security update | |||
| CVE-2025-13019 | high | — | 8.0 | 7mo ago | Important: firefox security update | |||
| CVE-2025-13013 | high | — | 8.0 | 7mo ago | Important: firefox security update | |||
| CVE-2025-13012 | high | — | 8.0 | 7mo ago | Important: firefox security update | |||
| CVE-2025-13017 | high | — | 8.0 | 7mo ago | Important: firefox security update | |||
| CVE-2025-13016 | high | — | 8.0 | 7mo ago | Important: firefox security update | |||
| CVE-2025-59089 | high | — | 8.0 | 7mo ago | Important: python-kdcproxy security update | |||
| CVE-2025-59088 | high | — | 8.0 | 7mo ago | Important: python-kdcproxy security update | |||
| CVE-2025-11561 | high | — | 8.0 | 7mo ago | Important: sssd security update | |||
| CVE-2025-62168 | high | — | 8.0 | 7mo ago | Important: squid security update | |||
| CVE-2025-55315 | high | — | 8.0 | 7mo ago | Important: .NET 9.0 security update | |||
| CVE-2025-55247 | high | — | 8.0 | 7mo ago | Important: .NET 9.0 security update | |||
| CVE-2025-64519 | high | — | 8.0 | 7mo ago | TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter | |||
| CVE-2025-40780 | high | — | 8.0 | 7mo ago | Important: bind9.18 security update | |||
| CVE-2025-40778 | high | — | 8.0 | 7mo ago | Important: bind9.18 security update | |||
| CVE-2025-8677 | high | — | 8.0 | 7mo ago | Important: bind security update | |||
| CVE-2025-52565 | high | — | 8.0 | 7mo ago | Important: runc security update | |||
| CVE-2025-31133 | high | — | 8.0 | 7mo ago | Important: runc security update | |||
| CVE-2025-52881 | high | — | 8.0 | 7mo ago | Important: runc security update |