CVSS: 7.1EPSS: %CPEs: 4EXPL: 0CVE-2025-3509 – Pre-Receive Hook Remote Code Execution vulnerability was identified in GitHub Enterprise Server that allowing Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-3509
17 Apr 2025 — A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. • https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.14 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: %CPEs: -EXPL: 0CVE-2025-32583 – WordPress PDF 2 Post Plugin <= 2.4.0 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-32583
17 Apr 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post allows Remote Code Inclusion. This issue affects PDF 2 Post: from n/a through 2.4.0. • https://patchstack.com/database/wordpress/plugin/pdf2post/vulnerability/wordpress-pdf-2-post-plugin-2-4-0-remote-code-execution-rce-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: %CPEs: 1EXPL: 0CVE-2025-3520 – Avatar <= 0.1.4 - Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-3520
17 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://www.wordfence.com/threat-intel/vulnerabilities/id/01769760-5bfe-4352-bc5b-141f078c0b6d?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: %CPEs: -EXPL: 0CVE-2025-29039
https://notcve.org/view.php?id=CVE-2025-29039
17 Apr 2025 — An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8 • https://gist.github.com/xyqer1/734fd1d93e4c08cea55dcb1e8b189a2b • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2025-29040
https://notcve.org/view.php?id=CVE-2025-29040
17 Apr 2025 — An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c • https://gist.github.com/xyqer1/b3bebe4967a3093951273738f0be45ce •
CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2025-29041
https://notcve.org/view.php?id=CVE-2025-29041
17 Apr 2025 — An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c • https://gist.github.com/xyqer1/101b7308bdf8618d8be30bd1d09ddd38 •
CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2025-29042
https://notcve.org/view.php?id=CVE-2025-29042
17 Apr 2025 — An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c • https://gist.github.com/xyqer1/841e78a3c4029808dac8c439595a1358 •
CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2025-29043
https://notcve.org/view.php?id=CVE-2025-29043
17 Apr 2025 — An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234 • https://gist.github.com/xyqer1/d5a5b18743b7a2fcbc0f93001d8e2ad9 •
CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2025-29044
https://notcve.org/view.php?id=CVE-2025-29044
17 Apr 2025 — Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value • https://gist.github.com/xyqer1/09fe6488a6655776c8c5d33e630a0f2a •
CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2025-29045
https://notcve.org/view.php?id=CVE-2025-29045
17 Apr 2025 — Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newap_text_0 key value • https://gist.github.com/xyqer1/16f6b44ef062374bc32c12952c7b81f8 •