CVE-2024-53615
https://notcve.org/view.php?id=CVE-2024-53615
30 Jan 2025 — A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file. • https://github.com/beune/CVE-2024-53615 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-13720 – WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-13720
29 Jan 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/wp-image-uploader/trunk/index.php#L85 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-57395
https://notcve.org/view.php?id=CVE-2024-57395
29 Jan 2025 — Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters. • http://www.hzzcka.com • CWE-522: Insufficiently Protected Credentials •
CVE-2024-57509
https://notcve.org/view.php?id=CVE-2024-57509
29 Jan 2025 — Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions. • https://gist.github.com/G2FUZZ/91a1cc3b8f2b0720e984353d59023b24 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-57510
https://notcve.org/view.php?id=CVE-2024-57510
29 Jan 2025 — Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial. • https://gist.github.com/G2FUZZ/91a1cc3b8f2b0720e984353d59023b24 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-40673
https://notcve.org/view.php?id=CVE-2024-40673
28 Jan 2025 — In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. • https://github.com/Aakashmom/G3_libcore_native_CVE-2024-40673 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2025-24480 – FactoryTalk® View Machine Edition - Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-24480
28 Jan 2025 — A Remote Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to lack of input sanitation and could allow a remote attacker to run commands or code as a high privileged user. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1719.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2025-23211 – Tandoor Recipes - SSTI - Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-23211
28 Jan 2025 — A Jinja2 SSTI vulnerability allows any user to execute commands on the server. • https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2025-23045 – CVAT allows remote code execution via tracker Nuclio functions
https://notcve.org/view.php?id=CVE-2025-23045
28 Jan 2025 — An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. • https://github.com/cvat-ai/cvat/commit/563e1dfde64b15fa042b23f9d09cd854b35f0366 • CWE-502: Deserialization of Untrusted Data •
CVE-2025-0065 – Improper Neutralization of Argument Delimiters in TeamViewer Clients
https://notcve.org/view.php?id=CVE-2025-0065
28 Jan 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service, which listens on TCP port 5939 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYST... • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1001 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •