
CVE-2025-29046
https://notcve.org/view.php?id=CVE-2025-29046
17 Apr 2025 — Buffer Overflow vulnerability in ALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the GAPSMinute3 key value • https://gist.github.com/xyqer1/7f9970240aec0af412caee79271a5be5 •

CVE-2025-29047
https://notcve.org/view.php?id=CVE-2025-29047
17 Apr 2025 — Buffer Overflow vulnerability in ALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the hiddenIndex in the function StorageEditUser • https://gist.github.com/xyqer1/74adbc0249eeacf762fb4d33cf93a0f5 •

CVE-2025-29661
https://notcve.org/view.php?id=CVE-2025-29661
17 Apr 2025 — Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run. • https://github.com/litepubl/cms/issues/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-29662
https://notcve.org/view.php?id=CVE-2025-29662
17 Apr 2025 — An RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacker to execute system code via remote network access. • https://github.com/landchat/LandChat/issues/5 •

CVE-2024-56518
https://notcve.org/view.php?id=CVE-2024-56518
17 Apr 2025 — Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI. • https://docs.hazelcast.com/management-center/6.0-snapshot/getting-started/install •

CVE-2025-1568
https://notcve.org/view.php?id=CVE-2025-1568
16 Apr 2025 — Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 131.0.6778.268 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config. • https://issues.chromium.org/issues/b/374279912 • CWE-284: Improper Access Control •

CVE-2025-0756 – Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')
https://notcve.org/view.php?id=CVE-2025-0756
16 Apr 2025 — This could allow access to protected files or directories including configuration files and files containing sensitive information, which can lead to remote code execution by unauthorized users. • https://https://support.pentaho.com/hc/en-us/articles/35771876077709--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Improper-Control-of-Resource-Identifiers-Resource-Injection-Versions-before-10-2-0-2-including-9-3-x-Impacted-CVE-2025-0756 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •

CVE-2025-32433 – Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
https://notcve.org/view.php?id=CVE-2025-32433
16 Apr 2025 — Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). • https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12 • CWE-306: Missing Authentication for Critical Function •

CVE-2025-3729 – SourceCodester Web-based Pharmacy Product Management System Database Backup backup.php os command injection
https://notcve.org/view.php?id=CVE-2025-3729
16 Apr 2025 — A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file backup.php of the component Database Backup Handler. The manipulation of the argument txtdbname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yaklang/IRifyScanResult/blob/main/Web-based%20Pharmacy%20Product%20Management%20System/rce_in_backup.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-3294 – WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update
https://notcve.org/view.php?id=CVE-2025-3294
16 Apr 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected site's server which may make remote code execution possible assuming the files can be written to by the web server. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3269832%40wp-editor%2Ftrunk&old=3151053%40wp-editor%2Ftrunk&sfp_email=&sfph_mail= • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •