CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24228
https://notcve.org/view.php?id=CVE-2025-24228
31 Mar 2025 — An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/122373 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24211 – Apple macOS MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24211
31 Mar 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to execute code in the context of the WebKit GPU process. • https://support.apple.com/en-us/122371 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24230 – Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24230
31 Mar 2025 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the WebKit GPU process. • https://support.apple.com/en-us/122371 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24210 – Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24210
31 Mar 2025 — An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. • https://support.apple.com/en-us/122371 • CWE-783: Operator Precedence Logic Error •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24256 – Apple macOS AppleIntelKBLGraphics Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24256
31 Mar 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppleIntelKBLGraphics kext. he issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. • https://support.apple.com/en-us/122373 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24190 – Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24190
31 Mar 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to execute code in the context of the WebKit GPU process. • https://support.apple.com/en-us/122371 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31692 – AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021
https://notcve.org/view.php?id=CVE-2025-31692
31 Mar 2025 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5. • https://www.drupal.org/sa-contrib-2025-021 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2891 – WP Pro Real Estate 7 <= 3.5.4 - Authenticated (Custom) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-2891
31 Mar 2025 — This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible if front-end listing submission has been enabled. • https://www.wordfence.com/threat-intel/vulnerabilities/id/5c83457d-ba06-43c5-acdd-77dbfb0d4af4?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2008 – Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-2008
31 Mar 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3261521/wp-ultimate-csv-importer/trunk/SingleImportExport.php • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30203 – Tuleap allows XSS via the content of RSS feeds in the RSS widgets
https://notcve.org/view.php?id=CVE-2025-30203
31 Mar 2025 — A project administrator or someone with control over an used RSS feed could use this vulnerability to force victims to execute uncontrolled code. • https://github.com/Enalean/tuleap/commit/54cce3f5e883d16055cb0239e023f48cdf5eb25f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-84: Improper Neutralization of Encoded URI Schemes in a Web Page •