
CVE-2025-2837 – Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2837
26 Mar 2025 — Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. ... An attacker can leverage this vulnerability to execute code in the context of the device. • https://community.silabs.com/a45Vm0000000Atp • CWE-121: Stack-based Buffer Overflow •

CVE-2025-2787 – Ingress-nginx vulnerability in KNIME Business Hub
https://notcve.org/view.php?id=CVE-2025-2787
26 Mar 2025 — KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 (a.k.a. IngressNightmare) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower. Besides applying the publicly known workarounds, we strongly recommend updating to one of the following ver... • https://www.knime.com/security/advisories • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-26003
https://notcve.org/view.php?id=CVE-2025-26003
26 Mar 2025 — Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest. • https://github.com/Fan-24/Digging/blob/main/5/1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-29322
https://notcve.org/view.php?id=CVE-2025-29322
26 Mar 2025 — A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and Rename Connection pages. • https://github.com/simalamuel/Research/tree/main/CVE-2025-29322 •

CVE-2024-55963 – AppSmith 1.47 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-55963
26 Mar 2025 — AppSmith version 1.4.7 suffers from a remote code execution vulnerability. • https://packetstorm.news/files/id/190267 • CWE-284: Improper Access Control •

CVE-2024-41643
https://notcve.org/view.php?id=CVE-2024-41643
26 Mar 2025 — An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate attacker to execute arbitrary code via the cshell login component. • https://gavpherk.github.io/GavinKelsey • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-30767 – WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability
https://notcve.org/view.php?id=CVE-2025-30767
26 Mar 2025 — The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.0. ... This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. • https://patchstack.com/database/wordpress/plugin/pdf-for-wpforms/vulnerability/wordpress-pdf-for-wpforms-plugin-5-3-0-arbitrary-shortcode-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-862: Missing Authorization •

CVE-2024-55964 – Appsmith Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-55964
26 Mar 2025 — An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. • https://rhinosecuritylabs.com/research/cve-2024-55963-unauthenticated-rce-in-appsmith • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-47516 – Pagure: argument injection in pagurerepo.log()
https://notcve.org/view.php?id=CVE-2024-47516
25 Mar 2025 — An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance. • https://access.redhat.com/security/cve/CVE-2024-47516 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVE-2025-30219 – RabbitMQ has XSS Vulnerability in an Error Message in Management UI
https://notcve.org/view.php?id=CVE-2025-30219
25 Mar 2025 — Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify a virtual host name on disk and then make it unrecoverable (with other on-disk file modifications), which can lead to arbitrary JavaScript code execution in the browsers of management UI users. • https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-g58g-82mw-9m3p • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •