CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29815 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-29815
04 Apr 2025 — Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29815 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2525 – Streamit <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-2525
04 Apr 2025 — This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://documentation.iqonic.design/streamit/change-log/streamit-v4-0 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32118 – WordPress CMP – Coming Soon & Maintenance plugin <= 4.1.13 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-32118
04 Apr 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/cmp-coming-soon-maintenance/vulnerability/wordpress-cmp-coming-soon-maintenance-plugin-4-1-13-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25000 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-25000
03 Apr 2025 — Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25000 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31119 – CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework
https://notcve.org/view.php?id=CVE-2025-31119
03 Apr 2025 — If an attacker manages to place some malicious classes into the classpath and also has access to these REST interface for calling the mentioned REST endpoints, using these lines of code can lead to unintended remote code execution. • https://github.com/jhipster/generator-jhipster-entity-audit/blob/e21e83135d10c77d92203c89cb0b0063914e8fe0/generators/spring-boot-javers/templates/src/main/java/_package_/web/rest/JaversEntityAuditResource.java.ejs#L88 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 5.0EPSS: 0%CPEs: -EXPL: 1CVE-2025-3169 – Projeqtor saveAttachment.php unrestricted upload
https://notcve.org/view.php?id=CVE-2025-3169
03 Apr 2025 — A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. • https://github.com/deadmilkman/cve-reports/blob/main/01-projeqtor-rce/readme.md • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31115 – XZ has a heap-use-after-free bug in threaded .xz decoder
https://notcve.org/view.php?id=CVE-2025-31115
03 Apr 2025 — If a user or automated system were tricked into processing an xz file, a remote attacker could use this issue to cause XZ Utils to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://github.com/tukaani-project/xz/commit/d5a2ffe41bb77b918a8c96084885d4dbe4bf6480 • CWE-366: Race Condition within a Thread CWE-416: Use After Free CWE-476: NULL Pointer Dereference CWE-826: Premature Release of Resource During Expected Lifetime •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13744 – Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-13744
03 Apr 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3262569/woocommerce-jetpack/trunk/includes/input-fields/class-wcj-product-input-fields-core.php • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 24%CPEs: 2EXPL: 1CVE-2025-22457 – Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-22457
03 Apr 2025 — A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. Ivanti Connect Secure, Policy Secure and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. • https://packetstorm.news/files/id/190444 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3161 – Tenda AC10 ShutdownSetAdd stack-based overflow
https://notcve.org/view.php?id=CVE-2025-3161
03 Apr 2025 — A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/LxxxtSec/CVE/blob/main/CVE_1.md#vulnerability-proof-supplement-remote-code-execution-rce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •