2025 CVEs
44876 CVEs published in 2025. 3532 critical, 15165 high.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-71338 | Critical | 10.0 | 2026-06-25 | Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary… |
| CVE-2025-69129 | Critical | 10.0 | 2026-06-17 | Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions. |
| CVE-2025-15638 | Critical | 10.0 | 2026-04-21 | Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 include versions of Dropbear 201… |
| CVE-2025-54328 | Critical | 10.0 | 2026-04-06 | An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400… |
| CVE-2025-15036 | Critical | 10.0 | 2026-03-30 | A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow… |
| CVE-2025-48611 | Critical | 10.0 | 2026-03-10 | In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no… |
| CVE-2025-30416 | Critical | 10.0 | 2026-02-20 | Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before… |
| CVE-2025-30412 | Critical | 10.0 | 2026-02-20 | Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) befor… |
| CVE-2025-30411 | Critical | 10.0 | 2026-02-20 | Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) befor… |
| CVE-2025-69770 | Critical | 10.0 | 2026-02-13 | A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a c… |
| CVE-2025-64075 | Critical | 10.0 | 2026-02-11 | A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authenticati… |
| CVE-2025-68121 | Critical | 10.0 | 2026-02-05 | During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed han… |
| CVE-2025-59818 | Critical | 10.0 | 2026-02-04 | This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file. |
| CVE-2025-10878 | Critical | 10.0 | 2026-02-03 | A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are v… |
| CVE-2025-70841 | Critical | 10.0 | 2026-02-03 | Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct… |
| CVE-2025-57792 | Critical | 10.0 | 2026-01-28 | Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. A… |
| CVE-2025-4320 | Critical | 10.0 | 2026-01-23 | Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutio… |
| CVE-2025-69828 | Critical | 10.0 | 2026-01-22 | File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo… |
| CVE-2025-68001 | Critical | 10.0 | 2026-01-22 | Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server. This issue af… |
| CVE-2025-50002 | Critical | 10.0 | 2026-01-22 | Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server. This issue affects Energia: f… |