CVSS: 7.3 | EPSS: % | CPEs: - | EXPL: 0 | CVE-2025-7024 – Local privilege escalation in Windows Server OS through installed Tetra Connectivity Server (TCS)
https://notcve.org/view.php?id=CVE-2025-7024
03 Apr 2026 — An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. • https://cwe.mitre.org/data/definitions/276.html • CWE-276: Incorrect Default Permissions
CVSS: 8.5 | EPSS: % | CPEs: 1 | EXPL: 0 | CVE-2023-7343 – Belden Industrial HiVision Arbitrary Code Execution via Malicious Project File
https://notcve.org/view.php?id=CVE-2023-7343
02 Apr 2026 — HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device. • https://assets.belden.com/m/774e2db2b0100bc1/original/Belden-Security-Bulletin-BSECV-2023-06.pdf • CWE-269: Improper Privilege Management
CVSS: 9.9 | EPSS: % | CPEs: 3 | EXPL: 0 | CVE-2026-34838 – Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection`
https://notcve.org/view.php?id=CVE-2026-34838
02 Apr 2026 — By injecting a serialized FileCookieJar object into a setting string, an authenticated attacker can achieve arbitrary file write, leading directly to Remote Code Execution (RCE) on the server. • https://github.com/Intermesh/groupoffice/releases/tag/v25.0.90 • CWE-502: Deserialization of Untrusted Data
CVSS: 9.2 | EPSS: % | CPEs: 1 | EXPL: 0 | CVE-2026-35053 – OneUptime: Unauthenticated Workflow Execution via ManualAPI
https://notcve.org/view.php?id=CVE-2026-35053
02 Apr 2026 — Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints (GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId) without any authentication middleware. An attacker who can obtain or guess a workflow ID can trigger arbitrary workflow execution with attacker-controlled input data, enabling JavaScript code execution, notification abuse, and data manipulation. • https://github.com/OneUptime/oneuptime/releases/tag/10.0.42 • CWE-306: Missing Authentication for Critical Function
CVSS: 8.7 | EPSS: % | CPEs: 1 | EXPL: 0 | CVE-2026-34735 – Hytale Modding Vulnerable to Remote Code Execution via File Upload Bypass in `FileController`
https://notcve.org/view.php?id=CVE-2026-34735
02 Apr 2026 — The file is stored on the public disk and is directly accessible via URL, allowing server-side code execution. • https://github.com/HytaleModding/wiki/security/advisories/GHSA-2xqq-6778-h4j9 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVSS: 8.2 | EPSS: % | CPEs: 1 | EXPL: 0 | CVE-2026-34725 – dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration
https://notcve.org/view.php?id=CVE-2026-34725
02 Apr 2026 — In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because Electron is configured with nodeIntegration: true and contextIsolation: false. • https://github.com/dbgate/dbgate/commit/a7d2ed11f3f3d4dfb5d2e4e5467dedafa5fa947e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS: 7.1 | EPSS: % | CPEs: 1 | EXPL: 0 | CVE-2026-34591 – Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write
https://notcve.org/view.php?id=CVE-2026-34591
02 Apr 2026 — ./ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privileges of the Poetry process. ... (Normally, installing a malicious wheel is not sufficient for execution of malicious code. Malicious code will only be executed after installation if the malicious package is imported or invoked by the user.) • http://github.com/python-poetry/poetry/commit/ed59537ac3709cfbdbf95d957de801c13872991a • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS: 9.3 | EPSS: % | CPEs: 1 | EXPL: 0 | CVE-2026-35002 – Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2026-35002
02 Apr 2026 — Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution. • https://www.vulncheck.com/advisories/agno-field-type-eval-injection-arbitrary-code-execution • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVSS: 8.8 | EPSS: % | CPEs: 1 | EXPL: 0 | CVE-2026-35168 – OpenSTAManager: SQL Injection via Aggiornamenti Module
https://notcve.org/view.php?id=CVE-2026-35168
02 Apr 2026 — An authenticated attacker with access to the Aggiornamenti module can execute arbitrary SQL statements including CREATE, DROP, ALTER, INSERT, UPDATE, DELETE, SELECT INTO OUTFILE, and any other SQL command supported by the MySQL server. Foreign key checks are explicitly disabled before execution (SET FOREIGN_KEY_CHECKS=0), further reducing database integrity protections. • https://github.com/devcode-it/openstamanager/commit/43970676bcd6636ff8663652fd82579f737abb74 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS: 7.2 | EPSS: % | CPEs: 1 | EXPL: 0 | CVE-2026-29782 – OpenSTAManager: Remote Code Execution via Insecure Deserialization in OAuth2
https://notcve.org/view.php?id=CVE-2026-29782
02 Apr 2026 — OpenSTAManager is open-source management software for technical assistance and invoicing. Prior to version 2.10.2, the oauth2.php file in OpenSTAManager is an unauthenticated endpoint ($skip_permissions = true). It loads a record from the zz_oauth2 table using the attacker-controlled GET parameter state, and during the OAuth2 configuration flow calls unserialize() on the access_token field without any class restriction. This issue has been patched in version 2.10.2. • https://github.com/devcode-it/openstamanager/commit/d2e38cbdf91a831cefc0da1548e02b297ae644cc • CWE-502: Deserialization of Untrusted Data
