Skip to main content
CVE-2025-40664 CRITICAL Act Now

Missing authentication vulnerability in TCMAN GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gim
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-23394 CRITICAL PATCH This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.8.4-2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Suse
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-40671 CRITICAL This Week

SQL injection vulnerability in AES Multimedia's Gestnet v1.07. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-35003 CRITICAL POC Act Now

Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Buffer Overflow RCE Denial Of Service Nuttx
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-2146 CRITICAL This Week

Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Buffer Overflow RCE Satera Mf656Cdw Firmware +36
NVD
CVSS 3.1
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy