Skip to main content
CVE-2025-54782 CRITICAL POC PATCH THREAT Act Now

Nest is a framework for building scalable Node.js server-side applications. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.1%.

Command Injection RCE Node.js Devtools Integration
NVD GitHub
CVSS 4.0
9.4
EPSS
22.1%
Threat
4.0
CVE-2025-7710 CRITICAL This Week

The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-6077 CRITICAL This Week

Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-54790 CRITICAL This Week

Files is a module for managing files inside spaces and user profiles. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Files
NVD GitHub
CVSS 4.0
9.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy