
CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

16 Apr 2025 — An attacker could easily brute force a session ID and load and execute arbitrary code. • https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00005_COMMGR%20-%20Insufficient%20Randomization%20Authentication%20Bypass_v1.pdf • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CVSS: 5.1 • EPSS: 0% • CPEs: - • EXPL: 0

16 Apr 2025 — This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. • https://github.com/DiliLearngent/BugReport/blob/main/php/Online-ID-Generator-System/bug6-File-upload-img2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

16 Apr 2025 — This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. • https://github.com/DiliLearngent/BugReport/blob/main/php/Online-ID-Generator-System/bug2-File-upload-img.md

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

16 Apr 2025 — An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query. • https://gist.github.com/fern89/ca5fe76ad81b4bc363e7341e523a1651 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: - • EXPL: 0

16 Apr 2025 — A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated attackers to execute arbitrary code via a crafted POST request. • https://gist.github.com/fern89/3464e8428d7675e4f0f390a6b2b2842e • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

16 Apr 2025 — Once a web shell is installed, the attacker gains the ability to execute arbitrary commands. • https://www.datafarm.co.th/blog/CVE-2024-55371-and-CVE-2024-55372-Malicious-File-Upload-to-RCE-in-Wallos-Application • CWE-73: External Control of File Name or Path

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

16 Apr 2025 — Once a web shell is installed, the attacker gains the ability to execute arbitrary commands. • https://www.datafarm.co.th/blog/CVE-2024-55371-and-CVE-2024-55372-Malicious-File-Upload-to-RCE-in-Wallos-Application • CWE-73: External Control of File Name or Path

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Apr 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/wp-advanced-search/vulnerability/wordpress-wp-advanced-search-3-3-9-3-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Apr 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/kadence-woocommerce-email-designer/vulnerability/wordpress-kadence-woocommerce-email-designer-plugin-1-5-14-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Apr 2025 — Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote Code Inclusion. ... This makes it possible for unauthenticated attackers to inject arbitrary code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. WordPress Custom CSS, JS and PHP versions 2.4.1 and below suffer from a cross site request forgery vulnerability that leads to remote code execution. • https://patchstack.com/database/wordpress/plugin/custom-css/vulnerability/wordpress-custom-css-js-php-plugin-2-4-1-csrf-to-rce-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)