CVE-2025-0960 – AutomationDirect C-more EA9 HMI Classic Buffer Overflow
https://notcve.org/view.php?id=CVE-2025-0960
04 Feb 2025 — AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device. • https://community.automationdirect.com/s/cybersecurity/security-advisories • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2025-24971 – OS Command Injection endpoint '/upload/init' parameter 'filename' (RCE) in DumbDrop
https://notcve.org/view.php?id=CVE-2025-24971
04 Feb 2025 — This vulnerability could allow an attacker to execute arbitrary code remotely when the **Apprise Notification** is enabled. • https://github.com/DumbWareio/DumbDrop/commit/4ff8469d69019d200046a67d326f51703bc4da63 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2025-0364 – BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE
https://notcve.org/view.php?id=CVE-2025-0364
04 Feb 2025 — BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution. • https://vulncheck.com/advisories/big-ant-upload-rce • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-23690 – EOL Netgear FVS336v3 Telnet Configuration Backup Command Injection
https://notcve.org/view.php?id=CVE-2024-23690
04 Feb 2025 — An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted "util backup_configuration" commands. • https://vulncheck.com/advisories/netgear-fvs336g-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2025-24677 – WordPress Post/Page Copying Tool to Export and Import post/page for Cross site Migration Plugin <= 2.0.3 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-24677
04 Feb 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page Copying Tool allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/postpage-import-export-with-custom-fields-taxonomies/vulnerability/wordpress-post-page-copying-tool-to-export-and-import-post-page-for-cross-site-migration-plugin-2-0-3-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2025-22204 – Extension - regularlabs.com - Remote code execution vulnerability in the Sourcerer extensions < 12.0.0 for Joomla
https://notcve.org/view.php?id=CVE-2025-22204
04 Feb 2025 — Improper control of generation of code in the Sourcerer extension for Joomla in versions before 11.0.0 leads to a remote code execution vulnerability. • https://regularlabs.com/sourcerer • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2025-20890
https://notcve.org/view.php?id=CVE-2025-20890
04 Feb 2025 — Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVE-2025-20888
https://notcve.org/view.php?id=CVE-2025-20888
04 Feb 2025 — Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVE-2025-20882
https://notcve.org/view.php?id=CVE-2025-20882
04 Feb 2025 — Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVE-2025-20881
https://notcve.org/view.php?id=CVE-2025-20881
04 Feb 2025 — Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •