Skip to main content
CVE-2025-34291 CRITICAL POC KEV PATCH THREAT GHSA Act Now

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints - including built-in code-execution functionality - allowing the attacker to execute arbitrary code and achieve full system compromise.

RCE Langflow
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
17.6%
Threat
5.4
CVE-2025-66570 CRITICAL POC PATCH Act Now

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0.

Authentication Bypass Docker Ubuntu Debian Cpp Httplib +1
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2025-64054 CRITICAL POC Act Now

A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.

XSS Denial Of Service X210 Firmware
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2020-36877 CRITICAL POC Act Now

ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server.

PHP Command Injection RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.6%
CVE-2025-34256 CRITICAL PATCH Act Now

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote unauthenticated attacker to generate arbitrary tokens and impersonate any DeviceOn account, including the root super admin. Successful exploitation permits full administrative control of the DeviceOn instance and can be leveraged to execute code on managed agents through DeviceOn’s remote management features.

RCE
NVD
CVSS 4.0
10.0
EPSS
0.2%
CVE-2025-12374 CRITICAL Act Now

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login - User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.39. This is due to the plugin not properly validating that an OTP was generated before comparing it to user input in the "user_verification_form_wrap_process_otpLogin" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting an empty OTP value.

Authentication Bypass WordPress
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-13313 CRITICAL Act Now

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.5. This is due to missing authorization and authentication checks on the `ntzcrm_changepassword` AJAX action. This makes it possible for unauthenticated attackers to reset arbitrary user passwords and gain unauthorized access to user accounts via the `ntzcrm_changepassword` endpoint, granted they can obtain or enumerate a target user's email address. The plugin also exposes the `ntzcrm_get_users` endpoint without authentication, allowing attackers to enumerate subscriber email addresses, facilitating the exploitation of the password reset vulnerability.

Privilege Escalation Authentication Bypass WordPress
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-66562 CRITICAL PATCH Act Now

TUUI is a desktop MCP client designed as a tool unitary utility integration.

XSS RCE Tuui
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy