CVSS: 9.3EPSS: %CPEs: 1EXPL: 0CVE-2025-31477 – Improper Scope Validation in the open Endpoint of tauri-plugin-shell
https://notcve.org/view.php?id=CVE-2025-31477
02 Apr 2025 — Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. ... By passing untrusted user input to the open endpoint these potentially dangerous protocols can be abused to gain remote code execution on the system. This either requires direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application. • https://github.com/tauri-apps/plugins-workspace/commit/9cf0390a52497e273db1a1b613a0e26827aa327c • CWE-20: Improper Input Validation •
CVSS: 0EPSS: %CPEs: 1EXPL: 0CVE-2025-31286
https://notcve.org/view.php?id=CVE-2025-31286
02 Apr 2025 — An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: %CPEs: 1EXPL: 0CVE-2025-31722
https://notcve.org/view.php?id=CVE-2025-31722
02 Apr 2025 — In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. • https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3505 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2025-29062
https://notcve.org/view.php?id=CVE-2025-29062
02 Apr 2025 — An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice. • https://www.yuque.com/jichujiliangdanwei/vwbq9e/grfgkm2kvk6btwbp •
CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2025-29063
https://notcve.org/view.php?id=CVE-2025-29063
02 Apr 2025 — An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not handled properly. • https://www.yuque.com/jichujiliangdanwei/vwbq9e/grfgkm2kvk6btwbp •
CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2025-29085
https://notcve.org/view.php?id=CVE-2025-29085
02 Apr 2025 — SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount? • https://gist.github.com/Cafe-Tea/bcef0d7a2bdb5ec8e0d69de852fdc900 •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2025-30841 – WordPress Countdown & Clock plugin <=2.8.8 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-30841
01 Apr 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/countdown-builder/vulnerability/wordpress-countdown-clock-plugin-2-8-8-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-30580 – WordPress DigiWidgets Image Editor <= 1.10 - Remote Code Execution (RCE) Vulnerability
https://notcve.org/view.php?id=CVE-2025-30580
01 Apr 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound DigiWidgets Image Editor allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/digiwidgets-image-editor/vulnerability/wordpress-digiwidgets-image-editor-1-10-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2005 – Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-2005
01 Apr 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. WordPress Front-End Users plugin versions 3.2.32 and below suffer from a remote shell upload vulnerability. • https://packetstorm.news/files/id/190183 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31132 – Raven allows Remote Code Execution due to improper validation
https://notcve.org/view.php?id=CVE-2025-31132
01 Apr 2025 — A vulnerability allowed any logged in user to execute code via an API endpoint. • https://github.com/The-Commit-Company/raven/security/advisories/GHSA-wmrr-3mrv-2p57 • CWE-20: Improper Input Validation •