CVSS: 9.8EPSS: %CPEs: 1EXPL: 0CVE-2025-39468 – Modal Survey <= 2.0.2.0.1 - Unauthenticated Local File Inclusion
https://notcve.org/view.php?id=CVE-2025-39468
16 Apr 2025 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1274 – RCS File Parsing Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-1274
15 Apr 2025 — A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0007 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1277 – PDF File Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2025-1277
15 Apr 2025 — A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1656 – PDF File Parsing Heap-based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-1656
15 Apr 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1273 – PDF File Parsing Heap-Based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-1273
15 Apr 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2497 – DWG File Parsing Stack-Based Buffer Vulnerability
https://notcve.org/view.php?id=CVE-2025-2497
15 Apr 2025 — A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0005 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-1276 – DWG File Parsing Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-1276
15 Apr 2025 — A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0004 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1275 – JPG File Parsing Heap-Based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-1275
15 Apr 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0006 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31499 – Jellyfin Vulnerable to Argument Injection in FFmpeg
https://notcve.org/view.php?id=CVE-2025-31499
15 Apr 2025 — This can be leveraged to possibly achieve remote code execution by anyone with credentials to a low-privileged user. ... This argument injection can be exploited to achieve arbitrary file write, leading to possible remote code execution through the plugin system. • https://github.com/jellyfin/jellyfin/commit/79f3ce53257c5291887cd52d8ac735b5252c9a97 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32012 – Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing
https://notcve.org/view.php?id=CVE-2025-32012
15 Apr 2025 — This method of IP spoofing also bypasses some security mechanisms, cause a denial-of-service attack, and possible bypass the admin restart requirement if combined with remote code execution. • https://github.com/jellyfin/jellyfin/commit/f625665cb116a7e3feb8b79aaf1ed39a956e0585 • CWE-290: Authentication Bypass by Spoofing •