📝 The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges

📅 Published: 14/04/2025

📈 CVSS: 8.1

🧭 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 5

⚠️ Priority: 2

📝 Analysis: Unauthenticated users can escalate privileges in WordPress User Registration & Membership plugin before version 4.1.2, leading to admin privilege gain. High CVSS score but low EPSS, prioritization 2. Confirmed exploitation not detected as of yet.

📝 TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .

📅 Published: 07/06/2023

📈 CVSS: 8.8

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 37

⚠️ Priority: {"error":"Priority not found for this CVE."}

📝 Analysis: A command injection vulnerability has been discovered in multiple TP-Link models, exploitable via /userRpm/WlanNetworkRpm component. No known in-the-wild activity, but priority 2 due to high CVSS score and low Exploitability Scoring System (EPSS) score.

📝 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

📅 Published: 21/08/2025

📈 CVSS: 0

🛡️ CISA KEV: True

🧭 Vector: n/a

📣 Mentions: 23

⚠️ Priority: 1+

📝 Analysis: A memory corruption issue exists in macOS and iOS versions listed, stemming from processing malicious image files. While not widely exploited, Apple has reported a targeted attack. Given the potential for sophisticated attacks and the high CVSS score, this vulnerability warrants attention as a priority 2 concern.

📝 A use-after-free vulnerability in the Linux kernels netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

📅 Published: 31/01/2024

📈 CVSS: 7.8

🛡️ CISA KEV: True

🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 24

⚠️ Priority: 1+

📝 Analysis: A use-after-free vulnerability in Linux kernel's netfilter: nf_tables, exploitable for local privilege escalation via the nft_verdict_init() function. The nf_hook_slow() function can trigger a double free vulnerability with NF_DROP when using drop errors similar to NF_ACCEPT. Confirmed exploited by attackers; priority is 1+, requiring immediate attention past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

📝 A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

📅 Published: 03/12/2025

📈 CVSS: 10

🛡️ CISA KEV: True

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

📣 Mentions: 908

⚠️ Priority: 1+

📝 Analysis: A critical pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, specifically in packages react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerability stems from unsafely deserializing HTTP request payloads. This is a confirmed exploited issue, designated as priority 1+.

📝 Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation. Specifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which evaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous modules such as child_process and fs. This issue has been patched in version 3.0.6.

📅 Published: 22/09/2025

📈 CVSS: 10

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

📣 Mentions: 8

⚠️ Priority: 2

📝 Analysis: Remote code execution vulnerability found in Flowise v3.0.5 due to insufficient input validation in the CustomMCP node. JavaScript code can be executed with full Node.js privileges, potentially enabling dangerous operations like child_process and fs access. This issue has been patched in version 3.0.6. Given high CVSS score but low Exploitability Potential Score (EPSS), it is a priority 2 vulnerability.

📝 Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📅 Published: 11/04/2026

📈 CVSS: 8.6

🛡️ CISA KEV: True

🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

📣 Mentions: 31

⚠️ Priority: 1+

📝 Analysis: A prototype pollution vulnerability exists in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier, enabling arbitrary code execution after user interaction. Though no known exploits have been detected, the high CVSS score indicates a priority 2 issue due to its low Exploitability Maturity Model (EMM) score but high severity.

📝 An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7.

📅 Published: 29/04/2025

📈 CVSS: 9.4

🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

📣 Mentions: 3

⚠️ Priority: 2

📝 Analysis: A critical Remote Code Execution vulnerability in ShowDoc (before 2.8.7) exists due to an improper file extension validation in unrestricted file upload functionality. High exploitability and a CISA KEV not specified, making it a priority 2 issue with high CVSS score.

📝 Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker to generate a reset token for arbitrary users and directly reset their password, leading to a complete account takeover (ATO). This vulnerability applies to both the cloud service (cloud.flowiseai.com) and self-hosted/local Flowise deployments that expose the same API. Commit 9e178d68873eb876073846433a596590d3d9c863 in version 3.0.6 secures password reset endpoints. Several recommended remediation steps are available. Do not return reset tokens or sensitive account details in API responses. Tokens must only be delivered securely via the registered email channel. Ensure forgot-password responds with a generic success message regardless of input, to avoid user enumeration. Require strong validation of the tempToken (e.g., single-use, short expiry, tied to request origin, validated against email delivery). Apply the same fixes to both cloud and self-hosted/local deployments. Log and monitor password reset requests for suspicious activity. Consider multi-factor verification for sensitive accounts.

📅 Published: 12/09/2025

📈 CVSS: 9.8

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 6

⚠️ Priority: 2

📝 Analysis: In version 3.0.5 and earlier of Flowise, an unauthenticated attacker can reset arbitrary user passwords via a forgot-password endpoint vulnerability, resulting in a complete account takeover (ATO). This applies to both cloud service and self-hosted deployments. Prioritization score: 2 (high CVSS, low exploitation potential). Remediation actions include securing password reset endpoints, preventing sensitive information disclosure in API responses, and validating tempToken usage.

📝 n/a

📈 CVSS: 0

🧭 Vector: n/a

⚠️ Priority: n/a

📝 Analysis: A local privilege escalation issue exists within the AMD Platform Configuration Blob (APCB) SMM driver's boot service, potentially enabling arbitrary code execution for privileged attackers with Ring 0 access. No known in-the-wild activity reported yet. Given high CVSS and pending analysis, this is a potential high priority vulnerability.

📝 The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges

📅 Published: 14/04/2025

📈 CVSS: 8.1

🧭 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 5

⚠️ Priority: 2

📝 Analysis: Unauthenticated users can escalate privileges in WordPress User Registration & Membership plugin before version 4.1.2, leading to admin privilege gain. High CVSS score but low EPSS, prioritization 2. Confirmed exploitation not detected as of yet.

📝 TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .

📅 Published: 07/06/2023

📈 CVSS: 8.8

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 37

⚠️ Priority: {"error":"Priority not found for this CVE."}

📝 Analysis: A command injection vulnerability has been discovered in multiple TP-Link models, exploitable via /userRpm/WlanNetworkRpm component. No known in-the-wild activity, but priority 2 due to high CVSS score and low Exploitability Scoring System (EPSS) score.

📝 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

📅 Published: 21/08/2025

📈 CVSS: 0

🛡️ CISA KEV: True

🧭 Vector: n/a

📣 Mentions: 23

⚠️ Priority: 1+

📝 Analysis: A memory corruption issue exists in macOS and iOS versions listed, stemming from processing malicious image files. While not widely exploited, Apple has reported a targeted attack. Given the potential for sophisticated attacks and the high CVSS score, this vulnerability warrants attention as a priority 2 concern.

📝 A use-after-free vulnerability in the Linux kernels netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

📅 Published: 31/01/2024

📈 CVSS: 7.8

🛡️ CISA KEV: True

🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 24

⚠️ Priority: 1+

📝 Analysis: A use-after-free vulnerability in Linux kernel's netfilter: nf_tables, exploitable for local privilege escalation via the nft_verdict_init() function. The nf_hook_slow() function can trigger a double free vulnerability with NF_DROP when using drop errors similar to NF_ACCEPT. Confirmed exploited by attackers; priority is 1+, requiring immediate attention past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

📝 A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

📅 Published: 03/12/2025

📈 CVSS: 10

🛡️ CISA KEV: True

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

📣 Mentions: 908

⚠️ Priority: 1+

📝 Analysis: A critical pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, specifically in packages react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerability stems from unsafely deserializing HTTP request payloads. This is a confirmed exploited issue, designated as priority 1+.

📝 Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation. Specifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which evaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous modules such as child_process and fs. This issue has been patched in version 3.0.6.

📅 Published: 22/09/2025

📈 CVSS: 10

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

📣 Mentions: 8

⚠️ Priority: 2

📝 Analysis: Remote code execution vulnerability found in Flowise v3.0.5 due to insufficient input validation in the CustomMCP node. JavaScript code can be executed with full Node.js privileges, potentially enabling dangerous operations like child_process and fs access. This issue has been patched in version 3.0.6. Given high CVSS score but low Exploitability Potential Score (EPSS), it is a priority 2 vulnerability.

📝 Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📅 Published: 11/04/2026

📈 CVSS: 8.6

🛡️ CISA KEV: True

🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

📣 Mentions: 31

⚠️ Priority: 1+

📝 Analysis: A prototype pollution vulnerability exists in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier, enabling arbitrary code execution after user interaction. Though no known exploits have been detected, the high CVSS score indicates a priority 2 issue due to its low Exploitability Maturity Model (EMM) score but high severity.

📝 An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7.

📅 Published: 29/04/2025

📈 CVSS: 9.4

🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

📣 Mentions: 3

⚠️ Priority: 2

📝 Analysis: A critical Remote Code Execution vulnerability in ShowDoc (before 2.8.7) exists due to an improper file extension validation in unrestricted file upload functionality. High exploitability and a CISA KEV not specified, making it a priority 2 issue with high CVSS score.

📝 Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker to generate a reset token for arbitrary users and directly reset their password, leading to a complete account takeover (ATO). This vulnerability applies to both the cloud service (cloud.flowiseai.com) and self-hosted/local Flowise deployments that expose the same API. Commit 9e178d68873eb876073846433a596590d3d9c863 in version 3.0.6 secures password reset endpoints. Several recommended remediation steps are available. Do not return reset tokens or sensitive account details in API responses. Tokens must only be delivered securely via the registered email channel. Ensure forgot-password responds with a generic success message regardless of input, to avoid user enumeration. Require strong validation of the tempToken (e.g., single-use, short expiry, tied to request origin, validated against email delivery). Apply the same fixes to both cloud and self-hosted/local deployments. Log and monitor password reset requests for suspicious activity. Consider multi-factor verification for sensitive accounts.

📅 Published: 12/09/2025

📈 CVSS: 9.8

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 6

⚠️ Priority: 2

📝 Analysis: In version 3.0.5 and earlier of Flowise, an unauthenticated attacker can reset arbitrary user passwords via a forgot-password endpoint vulnerability, resulting in a complete account takeover (ATO). This applies to both cloud service and self-hosted deployments. Prioritization score: 2 (high CVSS, low exploitation potential). Remediation actions include securing password reset endpoints, preventing sensitive information disclosure in API responses, and validating tempToken usage.

📝 n/a

📈 CVSS: 0

🧭 Vector: n/a

⚠️ Priority: n/a

📝 Analysis: A local privilege escalation issue exists within the AMD Platform Configuration Blob (APCB) SMM driver's boot service, potentially enabling arbitrary code execution for privileged attackers with Ring 0 access. No known in-the-wild activity reported yet. Given high CVSS and pending analysis, this is a potential high priority vulnerability.

📝 The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges

📅 Published: 14/04/2025

📈 CVSS: 8.1

🧭 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 5

⚠️ Priority: 2

📝 Analysis: Unauthenticated users can escalate privileges in WordPress User Registration & Membership plugin before version 4.1.2, leading to admin privilege gain. High CVSS score but low EPSS, prioritization 2. Confirmed exploitation not detected as of yet.

📝 TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .

📅 Published: 07/06/2023

📈 CVSS: 8.8

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 37

⚠️ Priority: {"error":"Priority not found for this CVE."}

📝 Analysis: A command injection vulnerability has been discovered in multiple TP-Link models, exploitable via /userRpm/WlanNetworkRpm component. No known in-the-wild activity, but priority 2 due to high CVSS score and low Exploitability Scoring System (EPSS) score.

📝 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

📅 Published: 21/08/2025

📈 CVSS: 0

🛡️ CISA KEV: True

🧭 Vector: n/a

📣 Mentions: 23

⚠️ Priority: 1+

📝 Analysis: A memory corruption issue exists in macOS and iOS versions listed, stemming from processing malicious image files. While not widely exploited, Apple has reported a targeted attack. Given the potential for sophisticated attacks and the high CVSS score, this vulnerability warrants attention as a priority 2 concern.

📝 A use-after-free vulnerability in the Linux kernels netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

📅 Published: 31/01/2024

📈 CVSS: 7.8

🛡️ CISA KEV: True

🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 24

⚠️ Priority: 1+

📝 Analysis: A use-after-free vulnerability in Linux kernel's netfilter: nf_tables, exploitable for local privilege escalation via the nft_verdict_init() function. The nf_hook_slow() function can trigger a double free vulnerability with NF_DROP when using drop errors similar to NF_ACCEPT. Confirmed exploited by attackers; priority is 1+, requiring immediate attention past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

📝 A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

📅 Published: 03/12/2025

📈 CVSS: 10

🛡️ CISA KEV: True

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

📣 Mentions: 908

⚠️ Priority: 1+

📝 Analysis: A critical pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, specifically in packages react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerability stems from unsafely deserializing HTTP request payloads. This is a confirmed exploited issue, designated as priority 1+.

📝 Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation. Specifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which evaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous modules such as child_process and fs. This issue has been patched in version 3.0.6.

📅 Published: 22/09/2025

📈 CVSS: 10

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

📣 Mentions: 8

⚠️ Priority: 2

📝 Analysis: Remote code execution vulnerability found in Flowise v3.0.5 due to insufficient input validation in the CustomMCP node. JavaScript code can be executed with full Node.js privileges, potentially enabling dangerous operations like child_process and fs access. This issue has been patched in version 3.0.6. Given high CVSS score but low Exploitability Potential Score (EPSS), it is a priority 2 vulnerability.

📝 Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📅 Published: 11/04/2026

📈 CVSS: 8.6

🛡️ CISA KEV: True

🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

📣 Mentions: 31

⚠️ Priority: 1+

📝 Analysis: A prototype pollution vulnerability exists in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier, enabling arbitrary code execution after user interaction. Though no known exploits have been detected, the high CVSS score indicates a priority 2 issue due to its low Exploitability Maturity Model (EMM) score but high severity.

📝 An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7.

📅 Published: 29/04/2025

📈 CVSS: 9.4

🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

📣 Mentions: 3

⚠️ Priority: 2

📝 Analysis: A critical Remote Code Execution vulnerability in ShowDoc (before 2.8.7) exists due to an improper file extension validation in unrestricted file upload functionality. High exploitability and a CISA KEV not specified, making it a priority 2 issue with high CVSS score.

📝 Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker to generate a reset token for arbitrary users and directly reset their password, leading to a complete account takeover (ATO). This vulnerability applies to both the cloud service (cloud.flowiseai.com) and self-hosted/local Flowise deployments that expose the same API. Commit 9e178d68873eb876073846433a596590d3d9c863 in version 3.0.6 secures password reset endpoints. Several recommended remediation steps are available. Do not return reset tokens or sensitive account details in API responses. Tokens must only be delivered securely via the registered email channel. Ensure forgot-password responds with a generic success message regardless of input, to avoid user enumeration. Require strong validation of the tempToken (e.g., single-use, short expiry, tied to request origin, validated against email delivery). Apply the same fixes to both cloud and self-hosted/local deployments. Log and monitor password reset requests for suspicious activity. Consider multi-factor verification for sensitive accounts.

📅 Published: 12/09/2025

📈 CVSS: 9.8

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 6

⚠️ Priority: 2

📝 Analysis: In version 3.0.5 and earlier of Flowise, an unauthenticated attacker can reset arbitrary user passwords via a forgot-password endpoint vulnerability, resulting in a complete account takeover (ATO). This applies to both cloud service and self-hosted deployments. Prioritization score: 2 (high CVSS, low exploitation potential). Remediation actions include securing password reset endpoints, preventing sensitive information disclosure in API responses, and validating tempToken usage.

📝 n/a

📈 CVSS: 0

🧭 Vector: n/a

⚠️ Priority: n/a

📝 Analysis: A local privilege escalation issue exists within the AMD Platform Configuration Blob (APCB) SMM driver's boot service, potentially enabling arbitrary code execution for privileged attackers with Ring 0 access. No known in-the-wild activity reported yet. Given high CVSS and pending analysis, this is a potential high priority vulnerability.

📝 The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges

📅 Published: 14/04/2025

📈 CVSS: 8.1

🧭 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 5

⚠️ Priority: 2

📝 Analysis: Unauthenticated users can escalate privileges in WordPress User Registration & Membership plugin before version 4.1.2, leading to admin privilege gain. High CVSS score but low EPSS, prioritization 2. Confirmed exploitation not detected as of yet.

📝 TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .

📅 Published: 07/06/2023

📈 CVSS: 8.8

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 37

⚠️ Priority: {"error":"Priority not found for this CVE."}

📝 Analysis: A command injection vulnerability has been discovered in multiple TP-Link models, exploitable via /userRpm/WlanNetworkRpm component. No known in-the-wild activity, but priority 2 due to high CVSS score and low Exploitability Scoring System (EPSS) score.

📝 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

📅 Published: 21/08/2025

📈 CVSS: 0

🛡️ CISA KEV: True

🧭 Vector: n/a

📣 Mentions: 23

⚠️ Priority: 1+

📝 Analysis: A memory corruption issue exists in macOS and iOS versions listed, stemming from processing malicious image files. While not widely exploited, Apple has reported a targeted attack. Given the potential for sophisticated attacks and the high CVSS score, this vulnerability warrants attention as a priority 2 concern.

📝 A use-after-free vulnerability in the Linux kernels netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

📅 Published: 31/01/2024

📈 CVSS: 7.8

🛡️ CISA KEV: True

🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 24

⚠️ Priority: 1+

📝 Analysis: A use-after-free vulnerability in Linux kernel's netfilter: nf_tables, exploitable for local privilege escalation via the nft_verdict_init() function. The nf_hook_slow() function can trigger a double free vulnerability with NF_DROP when using drop errors similar to NF_ACCEPT. Confirmed exploited by attackers; priority is 1+, requiring immediate attention past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

📝 A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

📅 Published: 03/12/2025

📈 CVSS: 10

🛡️ CISA KEV: True

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

📣 Mentions: 908

⚠️ Priority: 1+

📝 Analysis: A critical pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, specifically in packages react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerability stems from unsafely deserializing HTTP request payloads. This is a confirmed exploited issue, designated as priority 1+.

📝 Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation. Specifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which evaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous modules such as child_process and fs. This issue has been patched in version 3.0.6.

📅 Published: 22/09/2025

📈 CVSS: 10

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

📣 Mentions: 8

⚠️ Priority: 2

📝 Analysis: Remote code execution vulnerability found in Flowise v3.0.5 due to insufficient input validation in the CustomMCP node. JavaScript code can be executed with full Node.js privileges, potentially enabling dangerous operations like child_process and fs access. This issue has been patched in version 3.0.6. Given high CVSS score but low Exploitability Potential Score (EPSS), it is a priority 2 vulnerability.

📝 Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📅 Published: 11/04/2026

📈 CVSS: 8.6

🛡️ CISA KEV: True

🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

📣 Mentions: 31

⚠️ Priority: 1+

📝 Analysis: A prototype pollution vulnerability exists in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier, enabling arbitrary code execution after user interaction. Though no known exploits have been detected, the high CVSS score indicates a priority 2 issue due to its low Exploitability Maturity Model (EMM) score but high severity.

📝 An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7.

📅 Published: 29/04/2025

📈 CVSS: 9.4

🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

📣 Mentions: 3

⚠️ Priority: 2

📝 Analysis: A critical Remote Code Execution vulnerability in ShowDoc (before 2.8.7) exists due to an improper file extension validation in unrestricted file upload functionality. High exploitability and a CISA KEV not specified, making it a priority 2 issue with high CVSS score.

📝 Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker to generate a reset token for arbitrary users and directly reset their password, leading to a complete account takeover (ATO). This vulnerability applies to both the cloud service (cloud.flowiseai.com) and self-hosted/local Flowise deployments that expose the same API. Commit 9e178d68873eb876073846433a596590d3d9c863 in version 3.0.6 secures password reset endpoints. Several recommended remediation steps are available. Do not return reset tokens or sensitive account details in API responses. Tokens must only be delivered securely via the registered email channel. Ensure forgot-password responds with a generic success message regardless of input, to avoid user enumeration. Require strong validation of the tempToken (e.g., single-use, short expiry, tied to request origin, validated against email delivery). Apply the same fixes to both cloud and self-hosted/local deployments. Log and monitor password reset requests for suspicious activity. Consider multi-factor verification for sensitive accounts.

📅 Published: 12/09/2025

📈 CVSS: 9.8

🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

📣 Mentions: 6

⚠️ Priority: 2

📝 Analysis: In version 3.0.5 and earlier of Flowise, an unauthenticated attacker can reset arbitrary user passwords via a forgot-password endpoint vulnerability, resulting in a complete account takeover (ATO). This applies to both cloud service and self-hosted deployments. Prioritization score: 2 (high CVSS, low exploitation potential). Remediation actions include securing password reset endpoints, preventing sensitive information disclosure in API responses, and validating tempToken usage.

📝 n/a

📈 CVSS: 0

🧭 Vector: n/a

⚠️ Priority: n/a

📝 Analysis: A local privilege escalation issue exists within the AMD Platform Configuration Blob (APCB) SMM driver's boot service, potentially enabling arbitrary code execution for privileged attackers with Ring 0 access. No known in-the-wild activity reported yet. Given high CVSS and pending analysis, this is a potential high priority vulnerability.