CVE-2024-40771
https://notcve.org/view.php?id=CVE-2024-40771
15 Jan 2025 — An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/120898 • CWE-863: Incorrect Authorization •
CVE-2024-27856 – Apple WebKit WebCore ContainerNode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-27856
15 Jan 2025 — Processing a file may lead to unexpected app termination or arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple WebKit. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://support.apple.com/en-us/120896 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-13355 – Admin and Customer Messages After Order for WooCommerce <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13355
15 Jan 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload files on the affected site's server which may make remote code execution possible and is confirmed to make Cross-Site Scripting possible. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3222601%40admin-and-client-message-after-order-for-woocommerce&new=3222601%40admin-and-client-message-after-order-for-woocommerce&sfp_email=&sfph_mail= • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2025-22723 – WordPress Barcode Scanner and Inventory manager plugin <= 1.6.7 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-22723
15 Jan 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/vulnerability/wordpress-barcode-scanner-and-inventory-manager-plugin-1-6-7-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2025-22968
https://notcve.org/view.php?id=CVE-2025-22968
15 Jan 2025 — An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using the root account without restrictions. • https://github.com/CRUNZEX/CVE-2025-22968 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-12084 – Rsync: heap buffer overflow in rsync due to improper checksum length handling
https://notcve.org/view.php?id=CVE-2024-12084
15 Jan 2025 — This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. ... An attacker could use this issue to execute arbitrary code. • https://github.com/themirze/cve-2024-12084 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-55503
https://notcve.org/view.php?id=CVE-2024-55503
15 Jan 2025 — An issue in Termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component. • https://github.com/SyFi/CVE-2024-55503 • CWE-426: Untrusted Search Path •
CVE-2024-57728
https://notcve.org/view.php?id=CVE-2024-57728
15 Jan 2025 — SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user. • https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-48123
https://notcve.org/view.php?id=CVE-2024-48123
15 Jan 2025 — An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device. • https://kth.diva-portal.org/smash/get/diva2:1876534/FULLTEXT01.pdf • CWE-426: Untrusted Search Path •
CVE-2024-52783
https://notcve.org/view.php?id=CVE-2024-52783
15 Jan 2025 — Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allow attackers to execute arbitrary code via modification of the configuration file. • https://github.com/Curator-Kim/Vulnerability-mining/blob/master/XDP%20Pro.exe%20incorrect%20permission%20for%20configuration%20file/Incorrect%20permission%20for%20configuration%20file%20in%20XDP%20Pro.exe.md • CWE-276: Incorrect Default Permissions •