CVE-2025-23196 – Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition
https://notcve.org/view.php?id=CVE-2025-23196
21 Jan 2025 — A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. ... An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. • https://lists.apache.org/thread/70g1l5lxvko7kvhyxmtmklhhfrlon837 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-13091 – WPBot Pro Wordpress Chatbot <= 13.5.4 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-13091
21 Jan 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9b6979-2662-4d2f-9656-b880dd80832c?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-42936
https://notcve.org/view.php?id=CVE-2024-42936
21 Jan 2025 — The mqlink.elf service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message. • https://gist.github.com/smrx86/2008111b12ab47882b3928d0cbc9e415 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-24421
https://notcve.org/view.php?id=CVE-2024-24421
21 Jan 2025 — A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted NAS packet. • https://cellularsecurity.org/ransacked • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-51092 – LibreNMS Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-51092
20 Jan 2025 — Those two defects combined then allow injecting arbitrary OS commands inside shell_exec() calls, thus achieving arbitrary code execution. • https://packetstorm.news/files/id/188748
CVE-2025-0411 – 7-Zip Mark-of-the-Web Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-0411
19 Jan 2025 — This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. ... An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. • https://packetstorm.news/files/id/188804 • CWE-693: Protection Mechanism Failure
CVE-2025-23209 – Potential RCE with a compromised security key in craft/cms
https://notcve.org/view.php?id=CVE-2025-23209
18 Jan 2025 — This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. • https://craftcms.com/knowledge-base/securing-craft#keep-your-secrets-secret • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2025-21606 – Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats
https://notcve.org/view.php?id=CVE-2025-21606
17 Jan 2025 — An attacker can exploit this vulnerability to modify the hardware settings of the user’s device and execute arbitrary code with root privileges. • https://github.com/exelban/stats/commit/c10759f7a186efdd82ddd818dae2ac1f853691fc • CWE-345: Insufficient Verification of Data Authenticity
CVE-2024-13503 – Stack-Based Buffer Overflow in Newtec's update signaling causes RCE
https://notcve.org/view.php?id=CVE-2024-13503
17 Jan 2025 — Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclusion. • https://doi.org/10.1145/3643833.3656139 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-12703
https://notcve.org/view.php?id=CVE-2024-12703
17 Jan 2025 — CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-06.pdf • CWE-502: Deserialization of Untrusted Data