CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31411 – WordPress Linet ERP-Woocommerce Integration plugin <= 3.5.12 - Arbitrary File Read/Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-31411
10 Apr 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/wordpress/plugin/linet-erp-woocommerce-integration/vulnerability/wordpress-linet-erp-woocommerce-integration-plugin-3-5-12-arbitrary-file-read-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32743
https://notcve.org/view.php?id=CVE-2025-32743
10 Apr 2025 — This allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code, because those lookup values lead to incorrect length calculations and incorrect memcpy operations. • https://lapis-sawfish-be3.notion.site/0-click-Vulnerability-in-Comman-1-43_v3-1cadc00d01d080b0b3b9c46a6da584cc • CWE-392: Missing Report of Error Condition •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22279 – WordPress JetCompareWishlist plugin <= 1.5.9 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-22279
10 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetCompareWishlist allows PHP Local File Inclusion.This issue affects JetCompareWishlist: from n/a through 1.5.9. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass acces... • https://patchstack.com/database/wordpress/plugin/jet-compare-wishlist/vulnerability/wordpress-jetcomparewishlist-plugin-1-5-9-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31030 – WordPress Ray Enterprise Translation <= 1.7.0 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-31030
10 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jbhovik Ray Enterprise Translation allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and oth... • https://patchstack.com/database/wordpress/plugin/lingotek-translation/vulnerability/wordpress-ray-enterprise-translation-1-7-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32652 – WordPress Solace Extra plugin <= 1.3.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-32652
10 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/solace-extra/vulnerability/wordpress-solace-extra-plugin-1-3-1-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30967 – WordPress WPJobBoard plugin < 5.11.1 - CSRF to Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-30967
10 Apr 2025 — This makes it possible for unauthenticated attackers to execute arbitrary code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-30644 – Junos OS: EX2300, EX3400, EX4000 Series, QFX5k Series: Receipt of a specific DHCP packet causes FPC crash when DHCP Option 82 is enabled
https://notcve.org/view.php?id=CVE-2025-30644
09 Apr 2025 — Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component. • https://supportportal.juniper.net/JSA96453 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32375 – Insecure Deserialization leads to RCE in BentoML's runner server
https://notcve.org/view.php?id=CVE-2025-32375
09 Apr 2025 — By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arbitrary code on the server, which will grant the attackers to have the initial access and information disclosure on the server. • https://github.com/bentoml/BentoML/security/advisories/GHSA-7v4r-c989-xh26 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-1045 – Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-1045
09 Apr 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-1046 – Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-1046
09 Apr 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •