2025 CVE Vulnerabilities
44,846 CVEs published in 2025.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-32423 | MEDIUM | 5.3 | — | Jun 26, 2026 | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agent... |
| CVE-2025-32394 | MEDIUM | 5.3 | — | Jun 26, 2026 | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agent... |
| CVE-2025-11919 | CRITICAL | 9.6 | — | Jun 26, 2026 | The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the... |
| CVE-2025-68075 | MEDIUM | 6.5 | — | Jun 26, 2026 | Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions. |
| CVE-2025-68074 | MEDIUM | 6.5 | — | Jun 26, 2026 | Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions. |
| CVE-2025-68064 | HIGH | 7.5 | — | Jun 26, 2026 | Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions. |
| CVE-2025-68063 | HIGH | 7.5 | — | Jun 26, 2026 | Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versio... |
| CVE-2025-68052 | HIGH | 8.8 | — | Jun 26, 2026 | Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions. |
| CVE-2025-66123 | MEDIUM | 5.3 | — | Jun 26, 2026 | Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions. |
| CVE-2025-64637 | MEDIUM | 5.3 | — | Jun 26, 2026 | Unauthenticated Content Injection in Auros Core <= 5.3.1 versions. |
| CVE-2025-64636 | MEDIUM | 5.3 | — | Jun 26, 2026 | Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. |
| CVE-2025-63079 | MEDIUM | 4.3 | — | Jun 26, 2026 | Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions. |
| CVE-2025-63078 | MEDIUM | 4.3 | — | Jun 26, 2026 | Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions. |
| CVE-2025-63041 | MEDIUM | 5.4 | — | Jun 26, 2026 | Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. |
| CVE-2025-64152 | CRITICAL | 9.1 | — | Jun 26, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issu... |
| CVE-2025-55017 | CRITICAL | 9.1 | — | Jun 26, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issu... |
| CVE-2025-7958 | HIGH | 7.1 | — | Jun 26, 2026 | A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can exe... |
| CVE-2025-10268 | MEDIUM | 5.3 | 0.2% | Jun 26, 2026 | The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path travers... |
| CVE-2025-71340 | HIGH | 7.6 | 0.3% | Jun 25, 2026 | picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode... |
| CVE-2025-71338 | CRITICAL | 10 | 0.6% | Jun 25, 2026 | Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauth... |
| CVE-2025-71336 | CRITICAL | 9.3 | 0.7% | Jun 25, 2026 | Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnera... |
| CVE-2025-71335 | HIGH | 8.6 | 0.3% | Jun 25, 2026 | Flowise before 3.0.10 (affected versions 3.0.7 and earlier) fails to invalidate existing sessions and session tokens aft... |
| CVE-2025-71334 | CRITICAL | 9.3 | 0.9% | Jun 25, 2026 | Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missin... |
| CVE-2025-71333 | CRITICAL | 9.3 | 0.5% | Jun 25, 2026 | Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoin... |
| CVE-2025-71328 | HIGH | 8.7 | 0.3% | Jun 25, 2026 | Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their accou... |