Every CVE whose affected-product data names Apache Nuttx, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2025-47869 — CVSS 9.8 (critical): Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS…
CVE-2020-17529 — CVSS 9.8 (critical): Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker…
CVE-2020-1939 — CVSS 9.8 (critical): The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and…
CVE-2021-26461 — CVSS 9.8 (critical): Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory…
CVE-2025-35003 — CVSS 9.8 (critical): Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in…
CVE-2025-47868 — CVSS 9.8 (critical): Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion…
CVE-2020-17528 — CVSS 9.1 (critical): Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker…
CVE-2025-48769 — CVSS 8.1 (high): Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single…
CVE-2025-48768 — CVSS 6.5 (medium): Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed…