Skip to main content
CVE-2025-58434 CRITICAL POC PATCH Act Now

Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Flowise
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
9.9%
CVE-2025-55835 CRITICAL POC Act Now

File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code via the lack of filtering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Sueamcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-45583 CRITICAL POC Act Now

Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Universal Traffic Recorder Firmware
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-10266 CRITICAL Act Now

NUP Pro developed by NewType Infortech has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-8699 CRITICAL Act Now

Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2024-45434 CRITICAL POC Act Now

OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Blue Sdk
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-9556 CRITICAL This Week

Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Langchain AI / ML
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-10365 CRITICAL This Week

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-10364 CRITICAL This Week

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection PHP
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-10264 CRITICAL This Week

Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
10.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy