CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13744 – Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-13744
03 Apr 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3262569/woocommerce-jetpack/trunk/includes/input-fields/class-wcj-product-input-fields-core.php • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 10%CPEs: 2EXPL: 0CVE-2025-22457 – Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-22457
03 Apr 2025 — A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. Ivanti Connect Secure, Policy Secure and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. • https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3161 – Tenda AC10 ShutdownSetAdd stack-based overflow
https://notcve.org/view.php?id=CVE-2025-3161
03 Apr 2025 — A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/LxxxtSec/CVE/blob/main/CVE_1.md#vulnerability-proof-supplement-remote-code-execution-rce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2945 – pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
https://notcve.org/view.php?id=CVE-2025-2945
03 Apr 2025 — Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary ... • https://github.com/pgadmin-org/pgadmin4/issues/8603 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2025-2445
https://notcve.org/view.php?id=CVE-2025-2445
03 Apr 2025 — An attacker can craft a webpage once visited by the victim can trigger the exploit which can lead to executing arbitrary commands on the server (RCE). •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2025-2446
https://notcve.org/view.php?id=CVE-2025-2446
03 Apr 2025 — This can lead to Remote Code Execution (RCE) on the server. •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29064
https://notcve.org/view.php?id=CVE-2025-29064
03 Apr 2025 — An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. • https://github.com/kn0sky/cve/blob/main/TOTOLINK%20X18/OS%20Command%20Injection%20setLanguageCfg_lang.md •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45198
https://notcve.org/view.php?id=CVE-2024-45198
03 Apr 2025 — insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. ... This can further lead to remote code execution. • https://gist.github.com/azraelxuemo/ef11311ae0633cbd3d794f73c64e3877 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45199
https://notcve.org/view.php?id=CVE-2024-45199
03 Apr 2025 — insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. ... This can further lead to remote code execution. • https://gist.github.com/azraelxuemo/d019ad079d540ef28870dbd9552a7c62 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2780 – Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-2780
03 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • http://localhost:1337/wp-content/plugins/woffice-core/extensions/woffice-event/class-fw-extension-woffice-event.php#L1235 • CWE-434: Unrestricted Upload of File with Dangerous Type •