CVSS: 8.1EPSS: 1%CPEs: -EXPL: 0CVE-2025-32409
https://notcve.org/view.php?id=CVE-2025-32409
07 Apr 2025 — Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct image-update location as a consequence of both directory traversal and unintended handling of concurrency. • https://www.prizmlabs.io/post/remote-rootkits-uncovering-a-0-click-rce-in-the-supernote-nomad-e-ink-tablet • CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29481
https://notcve.org/view.php?id=CVE-2025-29481
07 Apr 2025 — Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. • https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29482
https://notcve.org/view.php?id=CVE-2025-29482
07 Apr 2025 — Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265. • https://github.com/lmarch2/poc/blob/main/libheif/libheif.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32215 – WordPress Accessibility Suite plugin <= 4.18 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-32215
07 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/online-accessibility/vulnerability/wordpress-accessibility-suite-plugin-4-17-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32370
https://notcve.org/view.php?id=CVE-2025-32370
06 Apr 2025 — Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS. • https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748 • CWE-912: Hidden Functionality •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30401
https://notcve.org/view.php?id=CVE-2025-30401
05 Apr 2025 — A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. ... A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. • https://www.facebook.com/security/advisories/cve-2025-30401 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2941 – Drag and Drop Multiple File Upload for WooCommerce <= 1.1.4 - Unauthenticated Arbitrary File Move
https://notcve.org/view.php?id=CVE-2025-2941
04 Apr 2025 — This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3266697%40drag-and-drop-multiple-file-upload-for-woocommerce&new=3266697%40drag-and-drop-multiple-file-upload-for-woocommerce&sfp_email=&sfph_mail= • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-27520 – BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
https://notcve.org/view.php?id=CVE-2025-27520
04 Apr 2025 — A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. It allows any unauthenticated user to execute arbitrary code on the server. It exists an unsafe code segment in serde.py. ... A remote code execution vulnerability caused by insecure... • https://packetstorm.news/files/id/190527 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29815 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-29815
04 Apr 2025 — Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29815 • CWE-416: Use After Free •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32118 – WordPress CMP – Coming Soon & Maintenance plugin <= 4.1.13 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-32118
04 Apr 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/cmp-coming-soon-maintenance/vulnerability/wordpress-cmp-coming-soon-maintenance-plugin-4-1-13-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •