
CVE-2025-2303 – Block Logic <= 1.0.8 - Authenticated (Contributor+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-2303
21 Mar 2025 — The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.8 via the block_logic_check_logic function. ... This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. • https://plugins.trac.wordpress.org/browser/block-logic/tags/1.0.8/block-logic.php#L127 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-29807 – Microsoft Dataverse Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-29807
21 Mar 2025 — Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29807 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-502: Deserialization of Untrusted Data •

CVE-2025-23120
https://notcve.org/view.php?id=CVE-2025-23120
20 Mar 2025 — A vulnerability in Veeam Backup & Replication (the product covered by the referenced Veeam KB) allowing remote code execution (RCE) for domain users. • https://www.veeam.com/kb4724 • CWE-502: Deserialization of Untrusted Data •

CVE-2024-12215 – Remote Code Execution in kedro-org/kedro
https://notcve.org/view.php?id=CVE-2024-12215
20 Mar 2025 — However, the function `project_wheel_metadata()` within the code path can execute the `setup.py` file inside the tar file, leading to remote code execution (RCE) by running arbitrary commands on the victim's machine. • https://huntr.com/bounties/fad27503-97a4-4933-91d4-96223b8c54d8 • CWE-20: Improper Input Validation •
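The entry above turns on one point: discovering a package's metadata by building it hands setup.py from the archive to an interpreter. An sdist-style tarball already carries that metadata statically in PKG-INFO. The block below is an added example, not kedro's code and not the project's actual fix; the tar contents, names and paths are constructed here. It reads name and version from PKG-INFO and refuses archives that lack one rather than falling back to executing setup.py.

```python
# Added illustration (not kedro's code): read sdist metadata statically.
import io
import tarfile
from email.parser import HeaderParser


def build_sample_sdist() -> bytes:
    """Constructed sdist-like tar: a PKG-INFO and a setup.py whose body
    would run a command if anyone executed it. The reader below never does."""
    pkg_info = (
        "Metadata-Version: 2.1\n"
        "Name: demo-pkg\n"
        "Version: 0.1.0\n"
        "Summary: constructed sample package\n"
    )
    setup_py = 'import os\nos.system("id > /tmp/sdist-ran-setup")\n'  # never executed
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in (("demo-pkg-0.1.0/PKG-INFO", pkg_info),
                           ("demo-pkg-0.1.0/setup.py", setup_py)):
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def read_sdist_metadata(tar_bytes: bytes) -> dict:
    """Return name/version taken from the top-level PKG-INFO of the archive.
    PKG-INFO is RFC 822 style, so the stdlib email header parser reads it.
    No build backend is invoked and setup.py is only listed, never run."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        members = [m for m in tar.getmembers() if m.isfile()]
        # Exactly "<root>/PKG-INFO": one path separator, last segment PKG-INFO.
        pkg_info = [m for m in members
                    if m.name.count("/") == 1 and m.name.endswith("/PKG-INFO")]
        if not pkg_info:
            raise ValueError("no top-level PKG-INFO; refusing to run setup.py "
                             "to discover metadata")
        raw = tar.extractfile(pkg_info[0]).read().decode("utf-8")
    headers = HeaderParser().parsestr(raw)
    return {
        "name": headers["Name"],
        "version": headers["Version"],
        "has_setup_py": any(m.name.endswith("/setup.py") for m in members),
    }


if __name__ == "__main__":
    print(read_sdist_metadata(build_sample_sdist()))
```

The `has_setup_py` flag is informational: the presence of setup.py is expected in an sdist and is not itself a problem; what matters is that the consumer never executes it to answer a question PKG-INFO already answers.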

CVE-2024-6825 – Remote Code Execution in BerriAI/litellm
https://notcve.org/view.php?id=CVE-2024-6825
20 Mar 2025 — BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. ... This allows an attacker to set a system method, such as 'os.system', as a callback, enabling the execution of arbitrary commands when a chat response is processed. • https://huntr.com/bounties/1d98bebb-6cf4-46c9-87c3-d3b1972973b5 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
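The mechanism described above (a configured callback name resolved to any importable Python function and later called with the chat response) is easy to reproduce in miniature. The block below is an added example, not litellm's code, and the function and registry names in it are made up for illustration. It shows the unsafe dotted-name resolver beside a closed registry that only admits callbacks the application author defined.

```python
# Added illustration (not litellm's code): callback-by-name resolution.
import importlib
from typing import Callable, Dict


def resolve_callback_unsafe(dotted_name: str) -> Callable:
    """Vulnerable pattern: import whatever module the string names and return
    the attribute. 'os.system' resolves to os.system, which the application
    will later call with the response text as its argument."""
    module_name, _, attr = dotted_name.rpartition(".")
    if not module_name:
        raise ValueError("expected a dotted name like 'pkg.func'")
    module = importlib.import_module(module_name)
    return getattr(module, attr)


# Hardened pattern: callbacks live in a closed registry populated by the
# application author. Caller input selects among these and nothing else.
def callback_length(response: str) -> int:
    return len(response)


def callback_upper(response: str) -> str:
    return response.upper()


CALLBACK_REGISTRY: Dict[str, Callable[[str], object]] = {
    "length": callback_length,
    "upper": callback_upper,
}


def is_allowed_callback(name: str) -> bool:
    return name in CALLBACK_REGISTRY


def resolve_callback_safe(name: str) -> Callable[[str], object]:
    try:
        return CALLBACK_REGISTRY[name]
    except KeyError:
        raise ValueError(f"unknown callback {name!r}") from None


def process_response(response_text: str, callback_name: str, resolver) -> object:
    """Mimics the 'callback runs when a chat response is processed' step.
    The resolver decides whether callback_name can reach arbitrary code."""
    callback = resolver(callback_name)
    return callback(response_text)


if __name__ == "__main__":
    import os
    # The unsafe resolver returns os.system itself; it is not invoked here.
    assert resolve_callback_unsafe("os.system") is os.system
    # Any importable function is reachable; a harmless one proves the point:
    print(process_response("/etc/hosts", "os.path.basename", resolve_callback_unsafe))
    try:
        process_response("id", "os.system", resolve_callback_safe)
    except ValueError as exc:
        print("rejected:", exc)
```

If configuration must name a user-provided hook, accept a key into such a registry (or a plugin entry point the operator installed), never a dotted path that `importlib` will honour.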

CVE-2024-12866 – Local File Inclusion in netease-youdao/qanything
https://notcve.org/view.php?id=CVE-2024-12866
20 Mar 2025 — This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code execution by retrieving private SSH keys, reading private files, source code, and configuration files. • https://huntr.com/bounties/c23da7c7-a226-40a2-83db-6a8ab1b2ef64 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-5752 – Path Traversal in stitionai/devika
https://notcve.org/view.php?id=CVE-2024-5752
20 Mar 2025 — This can lead to arbitrary file overwrite when the application generates code and saves it to the specified project directory, potentially resulting in remote code execution. • https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-8958 – Unrestricted File Write and Read in composiohq/composio
https://notcve.org/view.php?id=CVE-2024-8958
20 Mar 2025 — Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution. • https://huntr.com/bounties/e152b094-0593-428e-b813-068d2390ce68 • CWE-434: Unrestricted Upload of File with Dangerous Type •
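The three preceding entries (CVE-2024-12866, CVE-2024-5752 and CVE-2024-8958) share one defect: a caller-supplied path is joined onto a base directory without confirming the result stays inside it. The block below is an added example and not the code of qanything, devika or composio; the base directory and file names are constructed. It shows why the naive join fails for both absolute paths and `..` segments, and a confinement check that resolves the candidate and requires the base to be a segment-wise prefix of it.

```python
# Added illustration (not the projects' code): confining paths to a base dir.
import os


def naive_join(base_dir: str, user_path: str) -> str:
    """Vulnerable: os.path.join discards base_dir when user_path is absolute,
    and '..' segments walk out of it once the path is normalised."""
    return os.path.normpath(os.path.join(base_dir, user_path))


def safe_join(base_dir: str, user_path: str) -> str:
    """Resolve the candidate (symlinks included) and require that the resolved
    base is a whole-segment prefix of it. A plain startswith() would accept
    '/srv/app/projects-evil' for base '/srv/app/projects'; commonpath does not."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"path {user_path!r} escapes {base_dir!r}")
    return candidate


def is_confined(base_dir: str, user_path: str) -> bool:
    try:
        safe_join(base_dir, user_path)
        return True
    except PermissionError:
        return False


def write_generated_file(base_dir: str, project: str, filename: str, code: str) -> str:
    """The devika-style step: save generated code under the chosen project
    directory. The confinement check runs before any directory is created."""
    target = safe_join(base_dir, os.path.join(project, filename))
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "w", encoding="utf-8") as fh:
        fh.write(code)
    return target


if __name__ == "__main__":
    base = "/srv/app/projects"  # constructed base directory
    for p in ("demo/main.py", "../../../etc/passwd", "/etc/passwd", "demo/../other/x.py"):
        print(f"{p!r:28} naive={naive_join(base, p)!r:24} confined={is_confined(base, p)}")
```

Reads and writes both go through `safe_join`; for the read case the same check applies to any path that ends up in `open()`, and for tar or zip extraction it applies per member name before extracting.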

CVE-2024-7053 – Session Fixation in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7053
20 Mar 2025 — This can lead to a stealthy administrator account takeover, potentially resulting in remote code execution (RCE) due to the elevated privileges of administrator accounts. • https://huntr.com/bounties/947f8191-0abf-4adf-b7c4-d4c19683aba2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-7806 – Remote Code Execution by Non-Admin Users via CSRF in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7806
20 Mar 2025 — A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). ... This allows an attacker to craft a malicious HTML that, when accessed by a victim, can modify the Python code of an existing pipeline and execute arbitrary code with the victim's privileges. • https://huntr.com/bounties/9350a68d-5f33-4b3d-988b-81e778160ab8 • CWE-352: Cross-Site Request Forgery (CSRF) •
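The attack in the entry above works because the victim's browser attaches the session cookie to a request that an attacker's page triggered, and the endpoint that rewrites pipeline code accepts it. The block below is an added example, not open-webui's code; the site origin, session store, pipeline store and request shapes are constructed. It shows the two server-side checks that stop the forged request: the browser-set Origin (or Referer) header must match the site's origin, and a per-session token the attacker's page cannot read must accompany any state-changing request.

```python
# Added illustration (not open-webui's code): CSRF checks on a code-modifying endpoint.
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

SITE_ORIGIN = "https://webui.example"        # assumed deployment origin
SESSION_TOKENS: Dict[str, str] = {}           # session id -> CSRF token (constructed store)
PIPELINES: Dict[str, str] = {}                # pipeline name -> Python source (constructed store)


def issue_csrf_token(session_id: str) -> str:
    """Issued once per session and embedded in the site's own pages; a page
    on another origin can cause the request but cannot read this value."""
    token = secrets.token_urlsafe(32)
    SESSION_TOKENS[session_id] = token
    return token


def request_origin(headers: Dict[str, str]) -> Optional[str]:
    """Browsers set Origin on cross-site POSTs; fall back to Referer's origin."""
    if headers.get("Origin"):
        return headers["Origin"]
    if headers.get("Referer"):
        parts = urlsplit(headers["Referer"])
        return f"{parts.scheme}://{parts.netloc}"
    return None


def csrf_check(method: str, headers: Dict[str, str], session_id: str,
               submitted_token: Optional[str]) -> Tuple[bool, str]:
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    if request_origin(headers) != SITE_ORIGIN:
        return False, "cross-origin or missing origin"
    expected = SESSION_TOKENS.get(session_id)
    if not expected or not submitted_token or not hmac.compare_digest(expected, submitted_token):
        return False, "missing or wrong CSRF token"
    return True, "ok"


def update_pipeline_code(name: str, new_code: str, method: str, headers: Dict[str, str],
                         session_id: str, submitted_token: Optional[str]) -> Tuple[bool, str]:
    """The guarded endpoint: the cookie alone (session_id) is not enough."""
    ok, reason = csrf_check(method, headers, session_id, submitted_token)
    if ok:
        PIPELINES[name] = new_code
    return ok, reason


def run_scenarios() -> dict:
    """Constructed traffic: a legitimate same-origin update and a forged one
    produced by an auto-submitting form on an attacker-controlled page."""
    PIPELINES.clear()
    SESSION_TOKENS.clear()
    PIPELINES["filter"] = "def filter(msg): return msg"
    token = issue_csrf_token("sess-admin")
    legit = update_pipeline_code("filter", "def filter(msg): return msg.strip()", "POST",
                                 {"Origin": SITE_ORIGIN}, "sess-admin", token)
    forged = update_pipeline_code("filter", "import os; os.system('id')", "POST",
                                  {"Origin": "https://attacker.example",
                                   "Referer": "https://attacker.example/lure.html"},
                                  "sess-admin", None)
    return {"legit": legit, "forged": forged, "code": PIPELINES["filter"]}


if __name__ == "__main__":
    print(run_scenarios())
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a browser-side layer, but the server-side token and origin checks are what hold when a client ignores that attribute.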