CVE-2025-22964
https://notcve.org/view.php?id=CVE-2025-22964
15 Jan 2025 — SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN Interactive) DDSN Interactive cm3 Acora CMS 10.1.1 allows an attacker to execute arbitrary code via the table parameter. ... DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. • https://github.com/padayali-JD/CVE-2025-22964 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2025-22976
https://notcve.org/view.php?id=CVE-2025-22976
15 Jan 2025 — SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code because content is not filtered correctly in the "checkOrder.php" shopId module. • https://github.com/xiaosguang/cve/blob/main/dingfanzu/dingfanzu-CMS%20checkOrder.php%20shopId%20SQL-inject.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-41454
https://notcve.org/view.php?id=CVE-2024-41454
15 Jan 2025 — An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file. • https://github.com/php-lover-boy/processmaker • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-55921 – Cross-Site Request Forgery in Extension Manager Module in TYPO3
https://notcve.org/view.php?id=CVE-2024-55921
14 Jan 2025 — The vulnerability in the affected downstream component “Extension Manager Module” allows attackers to retrieve and install 3rd party extensions from the TYPO3 Extension Repository - which can lead to remote code execution in the worst case. • https://github.com/TYPO3/typo3/security/advisories/GHSA-4g52-pq8j-6qv5 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-749: Exposed Dangerous Method or Function •
CVE-2024-49375 – Remote Code Execution via Remote Model Loading in Rasa
https://notcve.org/view.php?id=CVE-2024-49375
14 Jan 2025 — A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. ... For unauthenticated RCE to be exploitable, the user must not have configured any authentication or other security controls recommended in our documentation. 3. For authenticated RCE, the attacker must possess a valid authentication token or JWT to interact ... • https://github.com/RasaHQ/rasa-pro-security-advisories/security/advisories/GHSA-cpv4-ggrr-7j9v • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-502: Deserialization of Untrusted Data •
CVE-2025-21127 – Photoshop Desktop | Uncontrolled Search Path Element (CWE-427)
https://notcve.org/view.php?id=CVE-2025-21127
14 Jan 2025 — Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability... • https://helpx.adobe.com/security/products/photoshop/apsb25-02.html • CWE-427: Uncontrolled Search Path Element •
CVE-2025-21245 – Windows Telephony Service Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21245
14 Jan 2025 — Windows Telephony Service Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21245 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVE-2025-21409 – Windows Telephony Service Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21409
14 Jan 2025 — Windows Telephony Service Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21409 • CWE-122: Heap-based Buffer Overflow •
CVE-2025-21223 – Windows Telephony Service Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21223
14 Jan 2025 — Windows Telephony Service Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21223 • CWE-122: Heap-based Buffer Overflow •
CVE-2025-21238 – Windows Telephony Service Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21238
14 Jan 2025 — Windows Telephony Service Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21238 • CWE-122: Heap-based Buffer Overflow •