CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1385 – Fail input validation in clickhouse-library-bridge API could lead to RCE under specific configuration
https://notcve.org/view.php?id=CVE-2025-1385
20 Mar 2025 — Combined with the ClickHouse table engine functionality that permits file uploads to specific directories, a misconfigured server can be exploited by an attacker with privilege to access to both table engines to execute arbitrary code on the ClickHouse server. Combined with the ClickHouse table engine functionality that permits file uploads to specific directories, a misconfigured server can be exploited by an attacker with privilege to access to both table engines to execute ... • https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5phv-x8x4-83x5 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29411
https://notcve.org/view.php?id=CVE-2025-29411
20 Mar 2025 — An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://www.simonjuguna.com/cve-2025-29411-authenticated-remote-code-execution-rce-via-arbitrary-file-upload • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2530 – Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2530
20 Mar 2025 — Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. ... An attacker can leverage this vulnerability to execute code in the context of the current proce... • https://www.zerodayinitiative.com/advisories/ZDI-25-173 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2531 – Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2531
20 Mar 2025 — Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. ... An attacker can leverage this vulnerability to execute code in the context of the current process. A... • https://www.zerodayinitiative.com/advisories/ZDI-25-174 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2532 – Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2532
20 Mar 2025 — Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker ... • https://www.zerodayinitiative.com/advisories/ZDI-25-175 • CWE-416: Use After Free •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27774 – Applio allows SSRF and file write in model_download.py
https://notcve.org/view.php?id=CVE-2025-27774
19 Mar 2025 — The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. • https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/assets/flask/routes.py#L14 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27775 – Applio allows SSRF and file write in model_download.py
https://notcve.org/view.php?id=CVE-2025-27775
19 Mar 2025 — The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. • https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/assets/flask/routes.py#L14 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27776 – Applio allows SSRF and file write in model_download.py
https://notcve.org/view.php?id=CVE-2025-27776
19 Mar 2025 — The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. • https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/assets/flask/routes.py#L14 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27778 – Applio allows unsafe deserialization in infer.py
https://notcve.org/view.php?id=CVE-2025-27778
19 Mar 2025 — The issue can lead to remote code execution. • https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/rvc/infer/infer.py#L464 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27779 – Applio allows unsafe deserialization in model_blender.py
https://notcve.org/view.php?id=CVE-2025-27779
19 Mar 2025 — The issue can lead to remote code execution. • https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/rvc/train/process/model_blender.py#L20-L21 • CWE-502: Deserialization of Untrusted Data •