Skip to main content
CVE-2025-59528 CRITICAL POC PATCH THREAT Act Now

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig parameter is parsed unsafely, allowing attackers to inject arbitrary system commands through the MCP server configuration that are executed when Flowise spawns the MCP server process.

RCE Code Injection Node.js Flowise
NVD GitHub Exploit-DB
CVSS 3.1
10.0
EPSS
83.0%
Threat
6.0
CVE-2025-57432 CRITICAL POC Act Now

Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Web Presenter Hd Firmware Web Presenter 4K Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-56074 CRITICAL POC Act Now

A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-57441 CRITICAL POC Act Now

The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information via an unauthenticated Telnet service on port 9990. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Atem Mini Pro Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-57437 CRITICAL POC Act Now

The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Web Presenter Hd Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-58255 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images allows Code Injection.5. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-59434 CRITICAL This Week

Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-57602 CRITICAL This Week

Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Privilege Escalation Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-57601 CRITICAL This Week

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for remote terminal access to all managed IoT/edge devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-35042 CRITICAL This Week

Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Acropolis
NVD
CVSS 4.0
9.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy