
CVE-2025-2445
https://notcve.org/view.php?id=CVE-2025-2445
03 Apr 2025 — An attacker can craft a webpage that, once visited by the victim, can trigger the exploit, which can lead to executing arbitrary commands on the server (RCE). •

CVE-2025-2446
https://notcve.org/view.php?id=CVE-2025-2446
03 Apr 2025 — This can lead to Remote Code Execution (RCE) on the server. •

CVE-2024-45198
https://notcve.org/view.php?id=CVE-2024-45198
03 Apr 2025 — insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. ... This can further lead to remote code execution. • https://gist.github.com/azraelxuemo/ef11311ae0633cbd3d794f73c64e3877 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-45199
https://notcve.org/view.php?id=CVE-2024-45199
03 Apr 2025 — insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. ... This can further lead to remote code execution. • https://gist.github.com/azraelxuemo/d019ad079d540ef28870dbd9552a7c62 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2780 – Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-2780
03 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • http://localhost:1337/wp-content/plugins/woffice-core/extensions/woffice-event/class-fw-extension-woffice-event.php#L1235 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-29064
https://notcve.org/view.php?id=CVE-2025-29064
03 Apr 2025 — An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. • https://github.com/kn0sky/cve/blob/main/TOTOLINK%20X18/OS%20Command%20Injection%20setLanguageCfg_lang.md •

CVE-2025-30406
https://notcve.org/view.php?id=CVE-2025-30406
03 Apr 2025 — This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. • https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf • CWE-321: Use of Hard-coded Cryptographic Key •

CVE-2025-31477 – Improper Scope Validation in the open Endpoint of tauri-plugin-shell
https://notcve.org/view.php?id=CVE-2025-31477
02 Apr 2025 — Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. ... By passing untrusted user input to the open endpoint these potentially dangerous protocols can be abused to gain remote code execution on the system. This either requires direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application. • https://github.com/tauri-apps/plugins-workspace/commit/9cf0390a52497e273db1a1b613a0e26827aa327c • CWE-20: Improper Input Validation •

CVE-2025-31286
https://notcve.org/view.php?id=CVE-2025-31286
02 Apr 2025 — An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •

CVE-2025-20203
https://notcve.org/view.php?id=CVE-2025-20203
02 Apr 2025 — An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-GSScPGY4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •