
CVE-2025-2702 – Softwin WMX3 ImageAdd.ashx ImageAdd unrestricted upload
https://notcve.org/view.php?id=CVE-2025-2702
24 Mar 2025 — A vulnerability, which was classified as critical, has been found in Softwin WMX3 3.1. This issue affects the function ImageAdd of the file /ImageAdd.ashx. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Rain1er/report/blob/main/THNlcnBf/RCE_1.md • CWE-284: Improper Access Control; CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-2701 – AMTT Hotel Broadband Operation System port_setup.php popen os command injection
https://notcve.org/view.php?id=CVE-2025-2701
24 Mar 2025 — A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. This vulnerability affects the function popen of the file /manager/network/port_setup.php. The manipulation of the argument SwitchVersion/SwitchWrite/SwitchIP/SwitchIndex/SwitchState leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/zian10001/cve/blob/main/rce.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'); CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-30615 – WordPress WP e-Commerce Style Email plugin <= 0.6.2 - CSRF to Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2025-30615
24 Mar 2025 — This makes it possible for unauthenticated attackers to achieve remote code execution granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/wordpress/plugin/wp-e-commerce-style-email/vulnerability/wordpress-wp-e-commerce-style-email-plugin-0-6-2-csrf-to-remote-code-execution-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-28893 – WordPress Visual Text Editor plugin <= 1.2.1 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-28893
24 Mar 2025 — The Visual Text Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.2.1. • https://patchstack.com/database/wordpress/plugin/visual-text-editor/vulnerability/wordpress-visual-text-editor-plugin-1-2-1-remote-code-execution-rce-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-29135
https://notcve.org/view.php?id=CVE-2025-29135
24 Mar 2025 — A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function. • https://gist.github.com/Raining-101/1651dd3901efdbb38d94a156a54bbc62 • CWE-121: Stack-based Buffer Overflow •

CVE-2025-29806 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-29806
23 Mar 2025 — No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29806 • CWE-94: Improper Control of Generation of Code ('Code Injection'); CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2025-2303 – Block Logic <= 1.0.8 - Authenticated (Contributor+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-2303
21 Mar 2025 — The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.8 via the block_logic_check_logic function. • https://plugins.trac.wordpress.org/browser/block-logic/tags/1.0.8/block-logic.php#L127 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-29807 – Microsoft Dataverse Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-29807
21 Mar 2025 — Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29807 • CWE-94: Improper Control of Generation of Code ('Code Injection'); CWE-502: Deserialization of Untrusted Data •

CVE-2025-23120
https://notcve.org/view.php?id=CVE-2025-23120
20 Mar 2025 — A vulnerability allowing remote code execution (RCE) for domain users. • https://www.veeam.com/kb4724 • CWE-502: Deserialization of Untrusted Data •

CVE-2024-12215 – Remote Code Execution in kedro-org/kedro
https://notcve.org/view.php?id=CVE-2024-12215
20 Mar 2025 — However, the function `project_wheel_metadata()` within the code path can execute the `setup.py` file inside the tar file, leading to remote code execution (RCE) by running arbitrary commands on the victim's machine. • https://huntr.com/bounties/fad27503-97a4-4933-91d4-96223b8c54d8 • CWE-20: Improper Input Validation •