
CVE-2025-33026
https://notcve.org/view.php?id=CVE-2025-33026
15 Apr 2025 — An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. • https://github.com/EnisAksu/Argonis/blob/main/CVEs/CVE-2025-33026%20%28PeaZip%29/CVE-2025-33026.md • CWE-830: Inclusion of Web Functionality from an Untrusted Source •

CVE-2025-33027
https://notcve.org/view.php?id=CVE-2025-33027
15 Apr 2025 — An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. • https://en.bandisoft.com/bandizip • CWE-830: Inclusion of Web Functionality from an Untrusted Source •

CVE-2025-33028
https://notcve.org/view.php?id=CVE-2025-33028
15 Apr 2025 — An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. • https://github.com/EnisAksu/Argonis/blob/main/CVEs/CVE-2025-33028%20%28WinZip%29/CVE-2025-33028.md • CWE-830: Inclusion of Web Functionality from an Untrusted Source •

CVE-2025-32682 – WordPress MapSVG Lite plugin <= 8.5.34 - Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-32682
15 Apr 2025 — This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. WordPress MapSVG Lite plugin versions 8.5.34 and below suffer from a remote shell upload vulnerability. • https://packetstorm.news/files/id/190569 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-24797 – Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow
https://notcve.org/view.php?id=CVE-2025-24797
14 Apr 2025 — A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. • https://packetstorm.news/files/id/190552 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVE-2025-22371 – SQL-injection in admin_login_handler allows unauthenticated user to log in as an administrator in SicommNet BASEC
https://notcve.org/view.php?id=CVE-2025-22371
14 Apr 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands. ... As of the date of this CVE record, there has been no patch ... • https://basec.sicomm.net/login • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-26872 – Eximius <= 2.2 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-26872
14 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-26892 – Celestial Aura <= 2.2 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-26892
14 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-29834 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-29834
12 Apr 2025 — Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29834 • CWE-125: Out-of-bounds Read •

CVE-2025-32078 – XSSes and potential RCE in Special:VersionCompare
https://notcve.org/view.php?id=CVE-2025-32078
11 Apr 2025 — Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Version Compare Extension: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/q/If901b3b98e615e1a4f4034d932d2d592000b51d0 • CWE-116: Improper Encoding or Escaping of Output •