Skip to main content
CVE-2025-9276 CRITICAL Act Now

Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Cockroach K8S Request Cert CockroachDB
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2025-26416 CRITICAL Act Now

In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-22429 CRITICAL Act Now

In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Android Google
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-22435 CRITICAL Act Now

In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-6519 CRITICAL Act Now

E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily generated password. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E3 Supervisory Controller Firmware
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-52551 CRITICAL Act Now

E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-9696 CRITICAL This Week

The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-5662 CRITICAL This Week

A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2025-57140 CRITICAL POC Act Now

rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruisibi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-52549 CRITICAL This Week

E3 Site Supervisor Control (firmware version < 2.31F01) generates the root linux password on each boot. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E3 Supervisory Controller Firmware
NVD
CVSS 4.0
9.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy