
CVE-2025-2867 – Improper Control of Generation of Code ('Code Injection') in GitLab
https://notcve.org/view.php?id=CVE-2025-2867
27 Mar 2025 — An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users. • https://gitlab.com/gitlab-org/gitlab/-/issues/512509 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-30911 – WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability
https://notcve.org/view.php?id=CVE-2025-30911
27 Mar 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. • https://packetstorm.news/files/id/190274 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-862: Missing Authorization •

CVE-2025-29306
https://notcve.org/view.php?id=CVE-2025-29306
27 Mar 2025 — An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component. • https://github.com/somatrasss/CVE-2025-29306 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2787 – Ingress-nginx vulnerability in KNIME Business Hub
https://notcve.org/view.php?id=CVE-2025-2787
26 Mar 2025 — KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 (a.k.a. IngressNightmare) vulnerability, which affects the ingress-nginx component. In the worst case, a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. it requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower. Besides applying the publicly known workarounds, we strongly recommend updating to one of the following ver... • https://www.knime.com/security/advisories • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-26003
https://notcve.org/view.php?id=CVE-2025-26003
26 Mar 2025 — Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest. • https://github.com/Fan-24/Digging/blob/main/5/1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-41643
https://notcve.org/view.php?id=CVE-2024-41643
26 Mar 2025 — An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate attacker to execute arbitrary code via the cshell login component. • https://gavpherk.github.io/GavinKelsey • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-30767 – WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability
https://notcve.org/view.php?id=CVE-2025-30767
26 Mar 2025 — Missing Authorization vulnerability in add-ons.org PDF for WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through 5.3.0. The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This make... • https://patchstack.com/database/wordpress/plugin/pdf-for-wpforms/vulnerability/wordpress-pdf-for-wpforms-plugin-5-3-0-arbitrary-shortcode-execution-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-862: Missing Authorization •

CVE-2024-55964 – Appsmith Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-55964
26 Mar 2025 — An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, log in to it, create a datasource, create a query against that datasource, and execute that query. • https://packetstorm.news/files/id/190326 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-30216 – CryptoLib Has Heap Overflow in Crypto_TM_ProcessSecurity due to Unchecked Secondary Header Length
https://notcve.org/view.php?id=CVE-2025-30216
25 Mar 2025 — This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. • https://github.com/oliviaisntcringe/CVE-2025-30216-PoC • CWE-122: Heap-based Buffer Overflow •

CVE-2025-27633
https://notcve.org/view.php?id=CVE-2025-27633
25 Mar 2025 — The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •