CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41790
https://notcve.org/view.php?id=CVE-2024-41790
08 Apr 2025 — This could allow an authenticated remote attacker to execute arbitrary code with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-187636.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41789
https://notcve.org/view.php?id=CVE-2024-41789
08 Apr 2025 — This could allow an authenticated remote attacker to execute arbitrary code with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-187636.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41788
https://notcve.org/view.php?id=CVE-2024-41788
08 Apr 2025 — This could allow an authenticated remote attacker to execute arbitrary code with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-187636.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32140 – WordPress WP Remote Thumbnail Plugin <= 1.3.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-32140
08 Apr 2025 — Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail allows Upload a Web Shell to a Web Server. This issue affects WP Remote Thumbnail: from n/a through 1.3.1. The WP Remote Thumbnail plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary fil... • https://patchstack.com/database/wordpress/plugin/wp-remote-thumbnail/vulnerability/wordpress-wp-remote-thumbnail-plugin-1-3-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32202 – WordPress Insert or Embed Articulate Content into WordPress plugin <= 4.3000000025 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-32202
08 Apr 2025 — This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/insert-or-embed-articulate-content-into-wordpress/vulnerability/wordpress-insert-or-embed-articulate-content-into-wordpress-plugin-4-3000000025-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-32206 – WordPress Processing Projects Plugin <= 1.0.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-32206
08 Apr 2025 — This makes it possible for authenticated attackers, with Shop Manager-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. WordPress Processing Projects plugin versions 1.0.2 and below suffer from a remote shell upload vulnerability. • https://packetstorm.news/files/id/190434 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2807 – Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
https://notcve.org/view.php?id=CVE-2025-2807
07 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins on the affected site's server which may make remote code execution possible. • https://packetstorm.news/files/id/190362 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3425 – Unauthenticated Remote Code Execution via .NET Deserialization
https://notcve.org/view.php?id=CVE-2025-3425
07 Apr 2025 — After analyzing the configuration files, we observed that the server had set the TypeFilterLevel to Full which is dangerous as it can potentially lead to remote code execution using deserialization. • https://www.cve.org/CVERecord?id=CVE-2025-3425 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2004 – Simple WP Events <= 1.8.17 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-2004
07 Apr 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). ... This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/simple-wp-events/trunk/admin/includes/wp-events-export-events.php#L399 • CWE-73: External Control of File Name or Path •
CVSS: 10.0EPSS: 80%CPEs: 1EXPL: 3CVE-2025-3248 – Langflow Unauth RCE
https://notcve.org/view.php?id=CVE-2025-3248
07 Apr 2025 — Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. • https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai • CWE-306: Missing Authentication for Critical Function •