
CVE-2025-40634 – Stack-based buffer overflow in TP-Link Archer AX50
https://notcve.org/view.php?id=CVE-2025-40634
20 May 2025 — This vulnerability allows an attacker to execute arbitrary code on the device over LAN and WAN networks. • https://www.incibe.es/en/incibe-cert/notices/aviso/stack-based-buffer-overflow-tp-link-archer-ax50 • CWE-121: Stack-based Buffer Overflow •

CVE-2025-23123
https://notcve.org/view.php?id=CVE-2025-23123
19 May 2025 — A malicious actor with access to the management network could achieve remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware. • https://community.ui.com/releases/Security-Advisory-Bulletin-047-047/cef86c37-7421-44fd-b251-84e76475a5bc • CWE-122: Heap-based Buffer Overflow •

CVE-2024-55063
https://notcve.org/view.php?id=CVE-2024-55063
19 May 2025 — Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allow remote authenticated attackers to execute arbitrary code via the (1) lang parameter to /international/keyboard/options; the (2) keyboard_layout or (3) keyboard_variant parameter to /international/settings/keyboard; the (4) timezone parameter to /international/settings/timezone. • https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-55063.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-47273 – setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
https://notcve.org/view.php?id=CVE-2025-47273
17 May 2025 — An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. • https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-3812 – WPBot Pro WordPress Chatbot <= 13.6.2 - Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-3812
16 May 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://www.wordfence.com/threat-intel/vulnerabilities/id/8fe1609d-17d6-4afe-90b2-5473dc9b6c3b?source=cve • CWE-73: External Control of File Name or Path •

CVE-2025-4389 – Crawlomatic Multipage Scraper Post Generator <= 2.6.8.1 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-4389
16 May 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/crawlomatic-multisite-scraper-post-generator-plugin-for-wordpress/20476010 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-4391 – Echo RSS Feed Post Generator <= 5.4.8.1 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-4391
16 May 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/echo-rss-feed-post-generator-plugin-for-wordpress/19486974 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-6486 – ImageMagick Engine < 1.7.11 - Administrator+ OS Command Injection
https://notcve.org/view.php?id=CVE-2024-6486
15 May 2025 — This allows authenticated attackers, with administrator-level permission, to execute arbitrary OS commands on the server, leading to remote code execution. • https://wpscan.com/vulnerability/a57c0c59-8b5c-4221-a9db-19f141650d9b •

CVE-2025-47785 – EMLOG SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-47785
15 May 2025 — In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injection to occur when the registered site is enabled, resulting in the injection of the admin account and password, which is then exploited by the backend remote code execution. • https://github.com/emlog/emlog/security/advisories/GHSA-939m-47f7-m559 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-47787 – Emlog Pro Contains a File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-47787
15 May 2025 — This insufficient validation allows attackers to execute arbitrary code on the vulnerable system. • https://github.com/emlog/emlog/commit/691c13e90df2fb35e120f4e0735078bad018eed7 • CWE-434: Unrestricted Upload of File with Dangerous Type •