
CVE-2025-30003
https://notcve.org/view.php?id=CVE-2025-30003
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectConnections' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-30002
https://notcve.org/view.php?id=CVE-2025-30002
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-29905
https://notcve.org/view.php?id=CVE-2025-29905
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'RestoreFromBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-27540
https://notcve.org/view.php?id=CVE-2025-27540
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'Authenticate' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-27539
https://notcve.org/view.php?id=CVE-2025-27539
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'VerifyUser' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-27495
https://notcve.org/view.php?id=CVE-2025-27495
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'CreateTrace' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-3294 – WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update
https://notcve.org/view.php?id=CVE-2025-3294
16 Apr 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected site's server which may make remote code execution possible assuming the files can be written to by the web server. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3269832%40wp-editor%2Ftrunk&old=3151053%40wp-editor%2Ftrunk&sfp_email=&sfph_mail= • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-20236 – Cisco Webex App Client-Side Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-20236
16 Apr 2025 — A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. ... A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-client-rce-ufyMMYLC • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVE-2025-1980 – Remote Code Execution via Unrestricted File Upload in Ready_
https://notcve.org/view.php?id=CVE-2025-1980
16 Apr 2025 — If the server is misconfigured, as it was by default when installed at the turn of 2021 and 2022, it can result in Remote Code Execution. • https://cert.pl/en/posts/2025/04/CVE-2025-1980 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-22036 – Rancher Remote Code Execution via Cluster/Node Drivers
https://notcve.org/view.php?id=CVE-2024-22036
16 Apr 2025 — A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher container itself. For the test and development environments, based on a --privileged Docker container, it is possible to escape the Docker container and gain execution access on the host system. This issue affects rancher:... • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22036 • CWE-269: Improper Privilege Management •