2025 CVEs

44876 CVEs published in 2025. 3532 critical, 15165 high. Browse by vendor, severity, or with PoCs.

Top CVEs published in 2025
CVESeverityScorePublishedSummary
CVE-2025-71338Critical10.02026-06-25Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary…
CVE-2025-69129Critical10.02026-06-17Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.
CVE-2025-15638Critical10.02026-04-21Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 includes versions of Dropbear 201…
CVE-2025-54328Critical10.02026-04-06An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400…
CVE-2025-15036Critical10.02026-03-30A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow…
CVE-2025-48611Critical10.02026-03-10In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no…
CVE-2025-30416Critical10.02026-02-20Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before…
CVE-2025-30412Critical10.02026-02-20Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) befor…
CVE-2025-30411Critical10.02026-02-20Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) befor…
CVE-2025-69770Critical10.02026-02-13A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a c…
CVE-2025-64075Critical10.02026-02-11A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authenticati…
CVE-2025-68121Critical10.02026-02-05During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed han…
CVE-2025-59818Critical10.02026-02-04This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.
CVE-2025-10878Critical10.02026-02-03A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are v…
CVE-2025-70841Critical10.02026-02-03Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct…
CVE-2025-57792Critical10.02026-01-28Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. A…
CVE-2025-4320Critical10.02026-01-23Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutio…
CVE-2025-69828Critical10.02026-01-22File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo…
CVE-2025-68001Critical10.02026-01-22Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue af…
CVE-2025-50002Critical10.02026-01-22Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server.This issue affects Energia: f…