
CVE-2025-30206 – Dpanel's hard-coded JWT secret leads to remote code execution
https://notcve.org/view.php?id=CVE-2025-30206
15 Apr 2025 — This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. • https://github.com/donknap/dpanel/security/advisories/GHSA-j752-cjcj-w847 • CWE-321: Use of Hard-coded Cryptographic Key CWE-453: Insecure Default Variable Initialization CWE-547: Use of Hard-coded, Security-relevant Constants •

CVE-2025-32780 – BleachBit for Windows Has DLL Untrusted Path Vulnerability
https://notcve.org/view.php?id=CVE-2025-32780
15 Apr 2025 — BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. • https://github.com/bleachbit/bleachbit/commit/dafeba57dcb14c7ec4a97224ff1408f6b0c2a7f8 • CWE-427: Uncontrolled Search Path Element •

CVE-2025-32779 – labsai/eddi Vulnerable to Path Traversal (Zip Slip) in ZIP Import Function
https://notcve.org/view.php?id=CVE-2025-32779
15 Apr 2025 — This overwrite can potentially lead to Remote Code Execution (RCE) within the application's context. • https://github.com/labsai/EDDI/commit/1e207d0e4f72a5a93920bc0f76cad53ffd8e7065 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-50960
https://notcve.org/view.php?id=CVE-2024-50960
15 Apr 2025 — A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, and SMP 352 <= 2.16 allows a remote authenticated attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system. A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated a... • https://github.com/layer8secure/extron-smp-inject • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2020-18243
https://notcve.org/view.php?id=CVE-2020-18243
15 Apr 2025 — SQL injection vulnerability found in Enricozab CMS v.1.0 allows a remote attacker to execute arbitrary code via /hdo/hdo-view-case.php. • https://github.com/enricozab/CMS/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-36842
https://notcve.org/view.php?id=CVE-2024-36842
15 Apr 2025 — An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17, Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to execute arbitrary code via the ADB port component. • https://github.com/abbiy/CVE-2024-36842-Backdooring-Oncord-Android-Sterio- • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-28100
https://notcve.org/view.php?id=CVE-2025-28100
15 Apr 2025 — A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows an attacker to execute arbitrary code because the id parameter of "operateOrder.php" is not filtered correctly. • https://github.com/gh3-dk/vul/blob/main/sql%20injection/dingfanzu/dingfanzu-CMS%20operateOrder.php%20id%20SQL-inject.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-29213
https://notcve.org/view.php?id=CVE-2025-29213
15 Apr 2025 — A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file. • https://github.com/wy876/cve/issues/7 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-29471 – Nagios Log Server 2024R1.3.1 - Stored XSS
https://notcve.org/view.php?id=CVE-2025-29471
15 Apr 2025 — Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field. • https://www.exploit-db.com/exploits/52117 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-32596 – WordPress Real Estate Manager plugin <= 7.3 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2025-32596
15 Apr 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager allows Code Injection. ... The Real Estate Manager – Property Listing and Agent Management plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.3. This makes it possible for unauthenticated attackers to execute code on the server. • https://patchstack.com/database/wordpress/plugin/real-estate-manager/vulnerability/wordpress-real-estate-manager-plugin-7-3-arbitrary-code-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •