| CVE-2025-9316 |
0.787 |
99th |
0 |
No public description yet. |
| CVE-2025-8943 |
0.658 |
98th |
1 |
The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks ro... |
| CVE-2025-8489 |
0.433 |
97th |
0 |
No public description yet. |
| CVE-2025-8426 |
0.394 |
97th |
0 |
No public description yet. |
| CVE-2025-8518 |
0.339 |
97th |
1 |
A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation l... |
| CVE-2025-8868 |
0.171 |
95th |
0 |
No public description yet. |
| CVE-2025-8730 |
0.119 |
93th |
2 |
A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-c... |
| CVE-2025-7795 |
0.096 |
93th |
3 |
A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument pa... |
| CVE-2025-9090 |
0.083 |
92th |
4 |
A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible... |
| CVE-2025-8085 |
0.078 |
92th |
1 |
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. |