
CVE-2025-24228
https://notcve.org/view.php?id=CVE-2025-24228
31 Mar 2025 — An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/122373 • CWE-125: Out-of-bounds Read •

CVE-2025-24211 – Apple macOS MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24211
31 Mar 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to execute code in the context of the WebKit GPU process. • https://support.apple.com/en-us/122371 •

CVE-2025-24230 – Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24230
31 Mar 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the WebKit GPU process. • https://support.apple.com/en-us/122371 •

CVE-2025-24256 – Apple macOS AppleIntelKBLGraphics Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24256
31 Mar 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppleIntelKBLGraphics kext. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. • https://support.apple.com/en-us/122373 • CWE-125: Out-of-bounds Read •

CVE-2025-24190 – Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24190
31 Mar 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to execute code in the context of the WebKit GPU process. • https://support.apple.com/en-us/122371 • CWE-400: Uncontrolled Resource Consumption •

CVE-2025-31692 – AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021
https://notcve.org/view.php?id=CVE-2025-31692
31 Mar 2025 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5. • https://www.drupal.org/sa-contrib-2025-021 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-2891 – WP Pro Real Estate 7 <= 3.5.4 - Authenticated (Custom) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-2891
31 Mar 2025 — This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible if front-end listing submission has been enabled. • https://www.wordfence.com/threat-intel/vulnerabilities/id/5c83457d-ba06-43c5-acdd-77dbfb0d4af4?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-2008 – Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-2008
31 Mar 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3261521/wp-ultimate-csv-importer/trunk/SingleImportExport.php • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-13804
https://notcve.org/view.php?id=CVE-2024-13804
30 Mar 2025 — Unauthenticated RCE in HPE Insight Cluster Management Utility • https://red.0xbad53c.com/vulnerability-research/rce-in-hpe-insight-cluster-management-utility-cve-2024-13804 • CWE-287: Improper Authentication •

CVE-2025-2006 – Inline Image Upload for BBPress <= 1.1.19 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-2006
28 Mar 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/image-upload-for-bbpress/tags/1.1.19/bbp-image-upload.php#L136 • CWE-434: Unrestricted Upload of File with Dangerous Type •