Skip to main content
CVE-2026-25505 CRITICAL POC PATCH Act Now

Bambuddy 3D printer management system has missing authentication (CVSS 9.8) allowing unauthenticated access to printer control and print archive.

Authentication Bypass Bambuddy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-62616 CRITICAL POC Act Now

AutoGPT has a second SSRF vulnerability (CVSS 9.8) in a different endpoint, providing an additional path to access internal network resources.

SSRF AI / ML Autogpt Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-62615 CRITICAL POC Act Now

AutoGPT has a Server-Side Request Forgery vulnerability (CVSS 9.8) allowing unauthenticated attackers to make the AI platform access internal network resources.

SSRF AI / ML Autogpt Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25481 CRITICAL POC PATCH GHSA Act Now

Langroid LLM framework prior to 0.5 has a code injection vulnerability (CVSS 9.6) allowing attackers to execute arbitrary code through the AI agent system.

Code Injection AI / ML Langroid
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-25521 CRITICAL POC PATCH Act Now

Prototype pollution in the Locutus JavaScript library (npm package, versions >= 2.0.12 and < 2.0.39) lets attacker-influenced input passed to the php.strings.parse_str function pollute Object.prototype, bypassing a prior guard. The earlier fix rejected forbidden keys using String.prototype.includes(), but an attacker able to override that method - or supply crafted keys such as constructor[prototype][polluted]=yes - defeats the check; publicly available exploit code exists in the GHSA advisory. EPSS exploitation probability is very low (0.01%, 1st percentile), it is not on CISA KEV, and no public exploit is identified as active in the wild.

Locutus Information Disclosure Prototype Pollution
NVD GitHub
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-25539 CRITICAL POC PATCH Act Now

SiYuan knowledge management system prior to 3.5.5 has a path traversal in /api/file/copyFile allowing arbitrary file operations on the server.

SSH RCE Siyuan
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2026-25139 CRITICAL POC Act Now

RIOT IoT operating system has an out-of-bounds read vulnerability (CVSS 9.1) that could lead to information disclosure or crashes on IoT devices.

IoT Denial Of Service Riot
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-25160 CRITICAL POC PATCH GHSA Act Now

Alist file manager has an improper certificate validation vulnerability allowing MITM attacks that could compromise file operations and stored credentials.

TLS Alist Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-59818 CRITICAL Act Now

A product has an authenticated command injection vulnerability (CVSS 10.0) allowing execution of arbitrary OS commands on the underlying system.

Command Injection Tcis 3 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-1633 CRITICAL Act Now

Synectix LAN 232 TRIO serial-to-ethernet adapter exposes its web management interface without authentication (CVSS 10.0), enabling unauthenticated control of serial devices.

IoT Authentication Bypass
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-25115 CRITICAL PATCH Act Now

n8n has a protection mechanism bypass (CVSS 9.9) in the Python sandbox allowing authenticated users to escape code execution restrictions.

Python N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-25049 CRITICAL POC PATCH Act Now

n8n workflow automation platform has an authenticated code execution vulnerability (CVSS 9.9) through improper runtime behavior modification, enabling server takeover.

RCE Command Injection Code Injection Node.js AI / ML +1
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-25053 CRITICAL PATCH Act Now

n8n has a command injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary OS commands through workflow definitions.

RCE Command Injection Information Disclosure Node.js AI / ML +1
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-25052 CRITICAL PATCH Act Now

n8n has a TOCTOU race condition vulnerability (CVSS 9.9) enabling bypass of execution restrictions in workflow processing.

Information Disclosure AI / ML N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-64712 CRITICAL PATCH Act Now

The unstructured Python library for document ingestion has a path traversal vulnerability allowing arbitrary file read/write during document processing.

Path Traversal Unstructured
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13375 CRITICAL Act Now

IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 allows unauthenticated users to execute certain cryptographic operations that should require elevated privileges.

IBM
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25526 CRITICAL PATCH Act Now

JinJava template engine has a server-side template injection vulnerability enabling arbitrary code execution through crafted Jinja-style templates.

Java Golang Django Jinjava
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-5329 CRITICAL Act Now

An Emit Informatics product has a SQL injection vulnerability allowing unauthenticated attackers to compromise the database through unsanitized input.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy