Skip to main content
CVE-2020-36846 CRITICAL PATCH Act Now

A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-48757 CRITICAL Act Now

An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.3
EPSS
0.2%
CVE-2025-44619 CRITICAL Act Now

Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wifi Lock Controller V1 Rf Firmware
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-2500 CRITICAL This Week

A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.1
EPSS
0.2%
CVE-2025-48865 CRITICAL POC PATCH Act Now

Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Fabio Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-46352 CRITICAL This Week

The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-41438 CRITICAL This Week

The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-1907 CRITICAL This Week

Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy