CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

VulnCheck KEV•added 2025/11/19 12:0 a.m.•2 views

VulnCheck KEV: CVE-2025-55346

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request...

9.8CVSS6AI score0.00052EPSS

In wildExploits0References70

EUVD•added 2025/10/06 2:8 p.m.•2 views

EUVD-2025-24803

Flowise vulnerable to RCE via Dynamic function constructor injection...

9.8CVSS6.5AI score0.00052EPSS

Exploits0References4

Github Security Blog•added 2025/10/06 2:8 p.m.•5 views

Flowise vulnerable to RCE via Dynamic function constructor injection

Summary User-controlled input flows to an unsafe implementaion of a dynamic Function constructor , allowing a malicious actor to run JS code in the context of the host not sandboxed leading to RCE. Details When creating a new Custom MCP Chatflow in the platform, the MCP Server Config displays a...

9.8CVSS7.8AI score0.00052EPSS

Exploits0References4Affected Software1

RedhatCVE•added 2025/08/16 10:10 a.m.•1 views

CVE-2025-55346

9.8CVSS7.4AI score0.00052EPSS

Exploits0References1

Snyk•added 2025/08/14 10:43 a.m.•1 views

Arbitrary Code Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Arbitrary Code Injection due to the unsafe implementation of a dynamic Function constructor. An attacker can execute arbitrary JavaScript code on the server by sending a crafted POST request...

9.8CVSS7.8AI score0.00052EPSS

Exploits0References2