
CVE-2025-2763 – CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2763
25 Mar 2025 — This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. ... An attacker can leverage this vulnerability to execute code in the context of root.

CVE-2025-2257 – Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.10 - Authenticated (Admin+) Command Injection
https://notcve.org/view.php?id=CVE-2025-2257
25 Mar 2025 — The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. ... This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://github.com/BoldGrid/boldgrid-backup/pull/622/files • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-55028
https://notcve.org/view.php?id=CVE-2024-55028
25 Mar 2025 — A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file. • https://visionspace.com/remote-code-execution-and-critical-vulnerabilities-in-nasa-fprime-v3-4-3 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-55029
https://notcve.org/view.php?id=CVE-2024-55029
25 Mar 2025 — NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. • https://visionspace.com/remote-code-execution-and-critical-vulnerabilities-in-nasa-fprime-v3-4-3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-55030
https://notcve.org/view.php?id=CVE-2024-55030
25 Mar 2025 — A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands. • https://visionspace.com/remote-code-execution-and-critical-vulnerabilities-in-nasa-fprime-v3-4-3 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2024-42533
https://notcve.org/view.php?id=CVE-2024-42533
25 Mar 2025 — SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter. • https://gist.github.com/7h30th3r0n3/eae27e0eed39741365c55dfd46b57dc8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-13889 – WordPress Importer <= 0.8.3 - Authenticated (Administrator+) PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-13889
25 Mar 2025 — If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. • https://plugins.trac.wordpress.org/browser/wordpress-importer/trunk/class-wp-import.php#L602 • CWE-502: Deserialization of Untrusted Data

CVE-2025-2007 – Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-2007
25 Mar 2025 — The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/changeset/3261521/wp-ultimate-csv-importer/trunk/MediaHandling.php • CWE-23: Relative Path Traversal

CVE-2025-25373
https://notcve.org/view.php?id=CVE-2025-25373
25 Mar 2025 — The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform. • https://visionspace.com/nasa-cfs-version-aquila-software-vulnerability-assessment • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2025-30091
https://notcve.org/view.php?id=CVE-2025-30091
25 Mar 2025 — In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. • https://www.moxiemanager.com/changelog • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')