
CVE-2024-11131
https://notcve.org/view.php?id=CVE-2024-11131
19 Mar 2025 — This allows remote attackers to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_24 • CWE-125: Out-of-bounds Read •

CVE-2024-10442
https://notcve.org/view.php?id=CVE-2024-10442
19 Mar 2025 — Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_22 • CWE-193: Off-by-one Error •

CVE-2024-10441
https://notcve.org/view.php?id=CVE-2024-10441
19 Mar 2025 — Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors. • https://github.com/hazzzein/CVE-2024-10441 • CWE-116: Improper Encoding or Escaping of Output •

CVE-2024-57061
https://notcve.org/view.php?id=CVE-2024-57061
19 Mar 2025 — An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration. • https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-29137
https://notcve.org/view.php?id=CVE-2025-29137
19 Mar 2025 — A buffer overflow was found in Tenda AC7 V1.0 V15.03.06.44, caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE. • https://github.com/Raining-101/IOT_cve/blob/main/tenda-ac7form_fast_setting_wifi_set%20timeZone.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-29401
https://notcve.org/view.php?id=CVE-2025-29401
19 Mar 2025 — An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/bGl1o/emlogpro/blob/main/emlog%20pro2.5.7-getshell.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-29405
https://notcve.org/view.php?id=CVE-2025-29405
19 Mar 2025 — .* allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://gist.github.com/bGl1o/19a141ee6e899884fa85f3a52898bcc6 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-26909 – WordPress Hide My WP Ghost plugin <= 5.4.01 - Local File Inclusion to RCE vulnerability
https://notcve.org/view.php?id=CVE-2025-26909
19 Mar 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion. This issue affects Hide My WP Ghost: from n/a through 5.4.01. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achi... • https://patchstack.com/database/wordpress/plugin/hide-my-wp/vulnerability/wordpress-hide-my-wp-ghost-plugin-5-4-01-local-file-inclusion-to-rce-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2024-55551
https://notcve.org/view.php?id=CVE-2024-55551
19 Mar 2025 — This can further lead to remote code execution. • https://docs.exasol.com/db/latest/connect_exasol/drivers/jdbc.htm • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-471: Modification of Assumed-Immutable Data (MAID) •

CVE-2025-2512 – File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated File Upload via upload Function
https://notcve.org/view.php?id=CVE-2025-2512
18 Mar 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/file-away/trunk/lib/cls/class.fileaway_management.php#L1094 • CWE-434: Unrestricted Upload of File with Dangerous Type •