Skip to main content
CVE-2025-67506 CRITICAL POC PATCH Act Now

A critical authentication bypass and path traversal vulnerability in PipesHub AI platform allows unauthenticated remote attackers to upload files with directory traversal sequences, enabling arbitrary file writes anywhere the service account has permissions. This vulnerability affects PipesHub versions prior to 0.1.0-beta and has a publicly available proof-of-concept exploit, making it an immediate priority for organizations using this enterprise search and workflow automation platform. With a CVSS score of 9.8 and the ability to plant malicious code or overwrite critical files, this represents a severe risk to affected systems.

Authentication Bypass File Upload Pipeshub
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-14087 CRITICAL PATCH Act Now

Heap corruption in GLib (GNOME's core C utility library) lets remote attackers trigger a buffer-underflow in the GVariant parser by supplying maliciously crafted serialized/text input, resulting in denial of service and potentially arbitrary code execution. Any application linking GLib that deserializes untrusted GVariant data is exposed, which spans broad swaths of the Linux desktop and system stack across Red Hat Enterprise Linux 7-10 and SUSE. There is no public exploit identified at time of analysis, and EPSS exploitation probability is low (0.26%, 49th percentile) despite the 9.8 CVSS, indicating the headline severity is not yet matched by observed exploitation interest.

Denial Of Service RCE Integer Overflow Glib Enterprise Linux
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-13955 CRITICAL Act Now

Wireless network compromise of EZCast Pro II dongles before version 1.17478.177 occurs because the device's Access Point mode uses a predictable default Wi-Fi password derived from observable identifiers, allowing any attacker within radio range to compute the credential and join the dongle's network. CVSS 4.0 score 9.3 reflects adjacent-network attack vector with no authentication required, and no public exploit identified at time of analysis, though the algorithm is reportedly reversible from broadcast data.

Information Disclosure
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-13954 CRITICAL Act Now

Authorization bypass in EZCast Pro II wireless presentation devices before firmware 1.17478.177 allows adjacent-network attackers to obtain full administrative control of the device Admin UI by leveraging hard-coded cryptographic keys (CWE-798). The flaw was reported through Switzerland's NCSC coordinated vulnerability disclosure programme and carries a CVSS v4.0 base score of 9.3 with automatable exploitation flagged in the vector. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy