CVEs from 2025
Total
9,172
critical
critical 1,302
high
high 1,903
medium
medium 1,917
low
low 193
% Critical
14.2%
% with KEV
2.0%
% with exploit
2.2%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-4945 | high | — | 8.0 | 7mo ago | Important: libsoup security update | |||
| CVE-2025-11021 | high | — | 8.0 | 7mo ago | Important: libsoup security update | |||
| CVE-2025-62229 | high | — | 8.0 | 7mo ago | Important: tigervnc security update | |||
| CVE-2025-62230 | high | — | 8.0 | 7mo ago | Important: tigervnc security update | |||
| CVE-2025-62231 | high | — | 8.0 | 7mo ago | Important: tigervnc security update | |||
| CVE-2025-6176 | high | — | 8.0 | 7mo ago | Important: brotli security update | |||
| CVE-2025-46817 | high | — | 8.0 | 7mo ago | Important: redis:7 security update | |||
| CVE-2025-46818 | high | — | 8.0 | 7mo ago | Important: redis:7 security update | |||
| CVE-2025-46819 | high | — | 8.0 | 7mo ago | Important: redis:7 security update | |||
| CVE-2025-49844 | high | — | 8.0 | 7mo ago | Important: redis:7 security update | |||
| CVE-2025-9900 | high | — | 8.0 | 7mo ago | Important: libtiff security update | |||
| CVE-2025-12235 | high | 8.0 | 8.0 | 7mo ago | A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow.… | |||
| CVE-2025-11711 | high | — | 8.0 | 8mo ago | Important: thunderbird security update | |||
| CVE-2025-11710 | high | — | 8.0 | 8mo ago | Important: thunderbird security update | |||
| CVE-2025-43419 | high | — | 8.0 | 8mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-11715 | high | — | 8.0 | 8mo ago | Important: thunderbird security update | |||
| CVE-2025-43272 | high | — | 8.0 | 8mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-11712 | high | — | 8.0 | 8mo ago | Important: thunderbird security update | |||
| CVE-2025-11714 | high | — | 8.0 | 8mo ago | Important: thunderbird security update | |||
| CVE-2025-55248 | high | — | 8.0 | 8mo ago | Important: .NET 9.0 security update | |||
| CVE-2025-31223 | high | — | 8.0 | 8mo ago | The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted w… | |||
| CVE-2025-43342 | high | — | 8.0 | 8mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43343 | high | — | 8.0 | 8mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-11708 | high | — | 8.0 | 8mo ago | Important: thunderbird security update | |||
| CVE-2025-11709 | high | — | 8.0 | 8mo ago | Important: thunderbird security update | |||
| CVE-2025-43356 | high | — | 8.0 | 8mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-61919 | high | — | 8.0 | 8mo ago | Important: pcs security update | |||
| CVE-2025-61771 | high | — | 8.0 | 8mo ago | Important: pcs security update | |||
| CVE-2025-61770 | high | — | 8.0 | 8mo ago | Important: pcs security update | |||
| CVE-2025-61772 | high | — | 8.0 | 8mo ago | Important: pcs security update | |||
| CVE-2025-7493 | high | — | 8.0 | 8mo ago | Important: ipa security update | |||
| CVE-2025-59830 | high | — | 8.0 | 8mo ago | Important: pcs security update | |||
| CVE-2025-38001 | high | — | 8.0 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this rece… | |||
| CVE-2025-10532 | high | — | 8.0 | 9mo ago | Important: thunderbird security update | |||
| CVE-2025-10527 | high | — | 8.0 | 9mo ago | Important: thunderbird security update | |||
| CVE-2025-10536 | high | — | 8.0 | 9mo ago | Important: thunderbird security update | |||
| CVE-2025-10537 | high | — | 8.0 | 9mo ago | Important: thunderbird security update | |||
| CVE-2025-10529 | high | — | 8.0 | 9mo ago | Important: thunderbird security update | |||
| CVE-2025-10533 | high | — | 8.0 | 9mo ago | Important: thunderbird security update | |||
| CVE-2025-10528 | high | — | 8.0 | 9mo ago | Important: thunderbird security update | |||
| CVE-2025-4953 | high | — | 8.0 | 9mo ago | A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the contai… | |||
| CVE-2025-38332 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy() for BIOS version The strlcat() with FORTIFY support is triggering a panic because it thinks the target b… | |||
| CVE-2025-58364 | high | — | 8.0 | 9mo ago | Important: cups security update | |||
| CVE-2025-38449 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/gem: Acquire references on GEM handles for framebuffers A GEM handle can be released while the GEM buffer object is attached … | |||
| CVE-2025-58060 | high | — | 8.0 | 9mo ago | Important: cups security update | |||
| CVE-2025-38392 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated on modul… | |||
| CVE-2025-37803 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit. | |||
| CVE-2025-8941 | high | — | 8.0 | 9mo ago | Important: pam security update | |||
| CVE-2025-37823 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() … | |||
| CVE-2025-8067 | high | — | 8.0 | 9mo ago | Important: udisks2 security update | |||
| CVE-2025-38500 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be s… | |||
| CVE-2025-38200 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can … | |||
| CVE-2025-38461 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU Transport assignment may race with module unload. Protect new_transport from becoming a stale point… | |||
| CVE-2025-38464 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close(). syzbot reported a null-ptr-deref in tipc_conn_close() during netns dismantle. [0] … | |||
| CVE-2025-38211 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction The commit 59c68ac31e15 ("iw_cm: free cm_id resources on th… | |||
| CVE-2025-8713 | high | — | 8.0 | 9mo ago | PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy inten… | |||
| CVE-2025-8715 | high | — | 8.0 | 9mo ago | Important: postgresql:15 security update | |||
| CVE-2025-4207 | high | — | 8.0 | 9mo ago | Important: postgresql:15 security update | |||
| CVE-2025-8714 | high | — | 8.0 | 9mo ago | Important: postgresql:15 security update | |||
| CVE-2025-22058 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory us… | |||
| CVE-2025-9179 | high | — | 8.0 | 9mo ago | Important: firefox security update | |||
| CVE-2025-9180 | high | — | 8.0 | 9mo ago | Important: firefox security update | |||
| CVE-2025-9181 | high | — | 8.0 | 9mo ago | Important: firefox security update | |||
| CVE-2025-9185 | high | — | 8.0 | 9mo ago | Important: firefox security update | |||
| CVE-2025-38417 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: ice: fix eswitch code memory leak in reset scenario Add simple eswitch mode checker in attaching VF procedure and allocate requir… | |||
| CVE-2025-54389 | high | — | 8.0 | 9mo ago | Important: aide security update | |||
| CVE-2025-37914 | high | — | 8.0 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases … | |||
| CVE-2025-9182 | high | — | 8.0 | 9mo ago | Important: firefox security update | |||
| CVE-2025-5914 | high | — | 8.0 | 9mo ago | Important: libarchive security update | |||
| CVE-2025-53506 | high | — | 8.0 | 9mo ago | Important: tomcat security update | |||
| CVE-2025-52434 | high | — | 8.0 | 9mo ago | Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector | |||
| CVE-2025-48976 | high | — | 8.0 | 9mo ago | Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers | |||
| CVE-2025-52520 | high | — | 8.0 | 9mo ago | Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits | |||
| CVE-2025-49125 | high | — | 8.0 | 9mo ago | Apache Tomcat - Security constraint bypass for pre/post-resources | |||
| CVE-2025-48988 | high | — | 8.0 | 9mo ago | Apache Tomcat - DoS in multipart upload | |||
| CVE-2025-47907 | high | — | 8.0 | 10mo ago | Important: podman security update | |||
| CVE-2025-38250 | high | — | 8.0 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From t… | |||
| CVE-2025-38159 | high | — | 8.0 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is pass… | |||
| CVE-2025-4674 | high | — | 8.0 | 10mo ago | Important: golang security update | |||
| CVE-2025-38380 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2025-38084 | high | — | 8.0 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing throu… | |||
| CVE-2025-38085 | high | — | 8.0 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously… | |||
| CVE-2025-43227 | high | — | 8.0 | 10mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43265 | high | — | 8.0 | 10mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43212 | high | — | 8.0 | 10mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43240 | high | — | 8.0 | 10mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-31273 | high | — | 8.0 | 10mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43216 | high | — | 8.0 | 10mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-43211 | high | — | 8.0 | 10mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-31278 | high | — | 8.0 | 10mo ago | Important: webkit2gtk3 security update | |||
| CVE-2025-23266 | high | — | 8.0 | 10mo ago | Important: toolbox security update | |||
| CVE-2025-37890 | high | — | 8.0 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF c… | |||
| CVE-2025-38087 | high | — | 8.0 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier Since taprio’s taprio_dev_notifier() isn’t protected by an RCU read-side cri… | |||
| CVE-2025-38052 | high | — | 8.0 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Syzbot reported a slab-use-after-free with the following call tr… | |||
| CVE-2025-22020 | high | — | 8.0 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: =======================… | |||
| CVE-2025-21929 | high | — | 8.0 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the `rmmod` operation for the `intel_ishtp_hid` driv… | |||
| CVE-2025-21962 | high | — | 8.0 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing closetimeo mount option User-provided mount parameter closetimeo of type u32 is inten… | |||
| CVE-2025-21928 | high | — | 8.0 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after t… | |||
| CVE-2025-52999 | high | — | 8.0 | 10mo ago | Important: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update | |||
| CVE-2025-5994 | high | — | 8.0 | 10mo ago | Important: unbound security update |