
CVE-2025-3161 – Tenda AC10 ShutdownSetAdd stack-based overflow
https://notcve.org/view.php?id=CVE-2025-3161
03 Apr 2025 — A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/LxxxtSec/CVE/blob/main/CVE_1.md#vulnerability-proof-supplement-remote-code-execution-rce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-121: Stack-based Buffer Overflow •

CVE-2025-2945 – pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
https://notcve.org/view.php?id=CVE-2025-2945
03 Apr 2025 — Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with two POST endpoints: /sqleditor/query_tool/download, where the query_commited parameter, and /cloud/deploy, where the high_availability parameter, is unsafely passed to the Python eval() function, allowing arbitrary ... • https://github.com/pgadmin-org/pgadmin4/issues/8603 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2445
https://notcve.org/view.php?id=CVE-2025-2445
03 Apr 2025 — An attacker can craft a webpage that, once visited by the victim, triggers the exploit, which can lead to executing arbitrary commands on the server (RCE). •

CVE-2025-2446
https://notcve.org/view.php?id=CVE-2025-2446
03 Apr 2025 — This can lead to Remote Code Execution (RCE) on the server. •

CVE-2024-45198
https://notcve.org/view.php?id=CVE-2024-45198
03 Apr 2025 — insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. ... This can further lead to remote code execution. • https://gist.github.com/azraelxuemo/ef11311ae0633cbd3d794f73c64e3877 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-45199
https://notcve.org/view.php?id=CVE-2024-45199
03 Apr 2025 — insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. ... This can further lead to remote code execution. • https://gist.github.com/azraelxuemo/d019ad079d540ef28870dbd9552a7c62 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-29064
https://notcve.org/view.php?id=CVE-2025-29064
03 Apr 2025 — An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. • https://github.com/kn0sky/cve/blob/main/TOTOLINK%20X18/OS%20Command%20Injection%20setLanguageCfg_lang.md •

CVE-2025-30406
https://notcve.org/view.php?id=CVE-2025-30406
03 Apr 2025 — This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. • https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf • CWE-321: Use of Hard-coded Cryptographic Key •

CVE-2025-2780 – Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-2780
03 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • http://localhost:1337/wp-content/plugins/woffice-core/extensions/woffice-event/class-fw-extension-woffice-event.php#L1235 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-31477 – Improper Scope Validation in the open Endpoint of tauri-plugin-shell
https://notcve.org/view.php?id=CVE-2025-31477
02 Apr 2025 — Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. ... By passing untrusted user input to the open endpoint these potentially dangerous protocols can be abused to gain remote code execution on the system. This either requires direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application. • https://github.com/tauri-apps/plugins-workspace/commit/9cf0390a52497e273db1a1b613a0e26827aa327c • CWE-20: Improper Input Validation •