CVE-2025-0520

An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: ...

CVSS 9.4 KRITIEK EPSS 2.0% (P84) → KEV: Nee Hype: 19

CVE-2025-59528

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input c...

CVSS 10.0 KRITIEK EPSS 82.4% (P99) → KEV: Nee Hype: 14

CVE-2025-58434

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the `forgot-password` endpoint in Flowise returns sensitive information includ...

CVSS 9.8 KRITIEK EPSS 9.9% (P93) → KEV: Nee Hype: 14

CVE-2025-2563

The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and ...

CVSS 8.1 HOOG EPSS 83.9% (P99) → KEV: Nee Hype: 11

CVE-2025-38617

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread...

CVSS 4.7 MIDDEL EPSS 0.1% (P20) → KEV: Nee Hype: 11

CVE-2025-8061

A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated l...

CVSS 7.0 HOOG EPSS 0.0% (P0) → KEV: Nee Hype: 8

CVE-2024-50629

Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570...

CVSS 5.3 MIDDEL EPSS 0.1% (P32) → KEV: Nee Hype: 8

CVE-2025-55182

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, rea...

CVSS 10.0 KRITIEK EPSS 84.9% (P99) ↑ KEV: Ja Ransomware Hype: 4

CVE-2026-34621

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could ...

CVSS 8.6 HOOG EPSS 6.1% (P91) → KEV: Ja Hype: 3

CVE-2025-8088

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wi...

CVSS 8.8 HOOG EPSS 7.0% (P92) → KEV: Ja Hype: 1