Skip to main content
CVE-2025-3248 CRITICAL POC KEV PATCH THREAT Act Now

Langflow before 1.3.0 allows unauthenticated remote code injection through the /api/v1/validate/code endpoint, enabling attackers to execute arbitrary Python code on the server without authentication.

Authentication Bypass Langflow
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
92.1%
Threat
7.7
CVE-2025-28412 CRITICAL POC Act Now

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-28410 CRITICAL POC Act Now

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-28406 CRITICAL POC Act Now

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-28405 CRITICAL POC Act Now

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-28402 CRITICAL POC Act Now

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-20654 CRITICAL Act Now

In wlan service, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Software Development Kit Mt7622 +6
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2025-28413 CRITICAL POC Act Now

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-28411 CRITICAL POC Act Now

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-28408 CRITICAL POC Act Now

{deptId} endpoint does not properly validate the deptId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy