CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1660 – DWFX File Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2025-1660
01 Apr 2025 — A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1659 – DWFX File Parsing Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2025-1659
01 Apr 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1658 – DWFX File Parsing Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2025-1658
01 Apr 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30065 – Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
https://notcve.org/view.php?id=CVE-2025-30065
01 Apr 2025 — Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue. • https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30911 – WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability
https://notcve.org/view.php?id=CVE-2025-30911
01 Apr 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. • https://patchstack.com/database/wordpress/plugin/rometheme-for-elementor/vulnerability/wordpress-romethemekit-for-elementor-plugin-1-5-4-arbitrary-plugin-installation-activation-to-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-11235 – Ubuntu Security Notice USN-7400-1
https://notcve.org/view.php?id=CVE-2024-11235
01 Apr 2025 — An attacker could possibly use this issue to cause a crash or execute arbitrary code. ... An attacker could possibly use this issue to cause a crash or execute arbitrary code. ... An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-29049
https://notcve.org/view.php?id=CVE-2025-29049
01 Apr 2025 — Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before (fixed in 0.104.0) allows an attacker to execute arbitrary code via the MathLive function. • https://github.com/advisories/GHSA-qwj6-q94f-8425 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24243 – Apple macOS AudioToolbox AMR File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24243
31 Mar 2025 — Processing a maliciously crafted file may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://support.apple.com/en-us/122371 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24182 – Apple macOS CoreText Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24182
31 Mar 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://support.apple.com/en-us/122371 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24244 – Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24244
31 Mar 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://support.apple.com/en-us/122371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •