Skip to main content
CVE-2025-48336 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in ThimPress Course Builder allows Object Injection.6.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-41591 CRITICAL Act Now

An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Onos
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-30466 CRITICAL Act Now

This issue was addressed through improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-31263 CRITICAL This Week

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow macOS
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-4967 CRITICAL This Week

Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Portal For Arcgis
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-47933 CRITICAL PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Kubernetes XSS Argo Cd Red Hat Suse
NVD GitHub
CVSS 3.1
9.0
EPSS
0.1%
CVE-2025-48748 CRITICAL This Week

Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Directory Manager
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2025-48047 CRITICAL This Week

An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP
NVD
CVSS 4.0
9.4
EPSS
1.6%
CVE-2025-3755 CRITICAL This Week

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy