
CVE-2025-30767 – WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability
https://notcve.org/view.php?id=CVE-2025-30767
26 Mar 2025 — The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.0. ... This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. • https://patchstack.com/database/wordpress/plugin/pdf-for-wpforms/vulnerability/wordpress-pdf-for-wpforms-plugin-5-3-0-arbitrary-shortcode-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-862: Missing Authorization •

CVE-2024-47516 – Pagure: argument injection in pagurerepo.log()
https://notcve.org/view.php?id=CVE-2024-47516
25 Mar 2025 — An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance. • https://access.redhat.com/security/cve/CVE-2024-47516 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVE-2025-30219 – RabbitMQ has XSS Vulnerability in an Error Message in Management UI
https://notcve.org/view.php?id=CVE-2025-30219
25 Mar 2025 — Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify the virtual host name on disk and then make it unrecoverable (with other on-disk file modifications), which can lead to arbitrary JavaScript code execution in the browsers of management UI users. • https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-g58g-82mw-9m3p • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-30216 – CryptoLib Has Heap Overflow in Crypto_TM_ProcessSecurity due to Unchecked Secondary Header Length
https://notcve.org/view.php?id=CVE-2025-30216
25 Mar 2025 — This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. • https://github.com/oliviaisntcringe/CVE-2025-30216-PoC • CWE-122: Heap-based Buffer Overflow •

CVE-2025-2312 – cifs.upcall makes an upcall to the wrong namespace in containerized environments
https://notcve.org/view.php?id=CVE-2025-2312
25 Mar 2025 — A nearby attacker could use this to connect a rogue device and possibly execute arbitrary code. ... An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.samba.org/?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174 • CWE-488: Exposure of Data Element to Wrong Session •

CVE-2024-58105
https://notcve.org/view.php?id=CVE-2024-58105
25 Mar 2025 — A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. ... Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-286: Incorrect User Management •

CVE-2024-58104
https://notcve.org/view.php?id=CVE-2024-58104
25 Mar 2025 — A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-269: Improper Privilege Management •

CVE-2025-30213 – Frappe has Possibility of Remote Code Execution due to improper validation
https://notcve.org/view.php?id=CVE-2025-30213
25 Mar 2025 — Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. • https://github.com/frappe/frappe/security/advisories/GHSA-v342-4xr9-x3q3 • CWE-20: Improper Input Validation •

CVE-2025-27633
https://notcve.org/view.php?id=CVE-2025-27633
25 Mar 2025 — The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-45480 – Unauthorized local file reading in B&R APROL
https://notcve.org/view.php?id=CVE-2024-45480
25 Mar 2025 — An improper control of generation of code ('Code Injection') vulnerability in the AprolCreateReport component of B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to read files from the local system. • https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •