
CVE-2025-29405
https://notcve.org/view.php?id=CVE-2025-29405
19 Mar 2025 — .* allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://gist.github.com/bGl1o/19a141ee6e899884fa85f3a52898bcc6 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-26909 – WordPress Hide My WP Ghost plugin <= 5.4.01 - Local File Inclusion to RCE vulnerability
https://notcve.org/view.php?id=CVE-2025-26909
19 Mar 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion. This issue affects Hide My WP Ghost: from n/a through 5.4.01. The Hide My WP Ghost plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 5.4.01. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code ... • https://patchstack.com/database/wordpress/plugin/hide-my-wp/vulnerability/wordpress-hide-my-wp-ghost-plugin-5-4-01-local-file-inclusion-to-rce-vulnerability? • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2024-55551
https://notcve.org/view.php?id=CVE-2024-55551
19 Mar 2025 — This can further lead to remote code execution vulnerability. ... This can further lead to remote code execution. • https://docs.exasol.com/db/latest/connect_exasol/drivers/jdbc.htm • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-471: Modification of Assumed-Immutable Data (MAID) •

CVE-2025-2512 – File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated File Upload via upload Function
https://notcve.org/view.php?id=CVE-2025-2512
18 Mar 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/file-away/trunk/lib/cls/class.fileaway_management.php#L1094 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-24801 – GLPI allows authenticated remote code execution
https://notcve.org/view.php?id=CVE-2025-24801
18 Mar 2025 — GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18. • https://github.com/glpi-project/glpi/security/advisories/GHSA-g2p3-33ff-r555 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-21760
https://notcve.org/view.php?id=CVE-2024-21760
18 Mar 2025 — An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code snippet. • https://fortiguard.fortinet.com/psirt/FG-IR-23-420 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-1758 – Progress Software Kemp LoadMaster mangle Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-1758
18 Mar 2025 — Improper Input Validation vulnerability in Progress LoadMaster allows: Buffer Overflow. This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. • https://docs.progress.com/bundle/release-notes_loadmaster-7-2-61-1/page/Security-Updates.html • CWE-121: Stack-based Buffer Overflow •

CVE-2025-271561 – Adobe Acrobat Reader DC AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-271561
18 Mar 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. •

CVE-2024-12563 – s2Member Pro <= 250214 - Authenticated (Contributor+) Local File Inclusion to Remote Code Execution via Shortcode
https://notcve.org/view.php?id=CVE-2024-12563
18 Mar 2025 — The s2Member Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 250214 via the 'template' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. • https://s2member.com/changelog • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-25589
https://notcve.org/view.php?id=CVE-2025-25589
18 Mar 2025 — An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file. • https://gitee.com/r1bbit/yimioa/issues/IBI81R • CWE-91: XML Injection (aka Blind XPath Injection) •