CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30067 – Apache Kylin: The remote code execution via jdbc url
https://notcve.org/view.php?id=CVE-2025-30067
27 Mar 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. • https://lists.apache.org/thread/6j19pt8yoqfphf1lprtrzoqkvz1gwbnc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30358 – Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks
https://notcve.org/view.php?id=CVE-2025-30358
27 Mar 2025 — Just like the Javascript's prototype pollution, this vulnerability could leave a way for attackers to manipulate the intended data-flow or control-flow of the application at runtime and lead to severe consequences like remote code execution when gadgets are available. • https://github.com/mesop-dev/mesop/commit/748e20d4a363d89b841d62213f5b0c6b4bed788f • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30232 – Debian Security Advisory 5887-1
https://notcve.org/view.php?id=CVE-2025-30232
27 Mar 2025 — A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://www.exim.org/static/doc/security/CVE-2025-30232.txt • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2328 – Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-2328
27 Mar 2025 — /wp-config.php) to uploaded files on the server, which can easily lead to remote code execution when an Administrator deletes the message. • https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/trunk/inc/dnd-upload-cf7.php#L153 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2025-29306
https://notcve.org/view.php?id=CVE-2025-29306
27 Mar 2025 — An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component. • https://github.com/somatrasss/CVE-2025-29306 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-20229 – Remote Code Execution through file upload to “$SPLUNK_HOME/var/run/splunk/apptemp“ directory in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20229
26 Mar 2025 — In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks. • https://advisory.splunk.com/advisories/SVD-2025-0301 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2837 – Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2837
26 Mar 2025 — Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. ... An attacker can leverage this vulnerability to execute code in the context of the device. • https://community.silabs.com/a45Vm0000000Atp • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2025-28893 – WordPress Visual Text Editor plugin <= 1.2.1 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-28893
26 Mar 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Visual Text Editor allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/visual-text-editor/vulnerability/wordpress-visual-text-editor-plugin-1-2-1-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-29322
https://notcve.org/view.php?id=CVE-2025-29322
26 Mar 2025 — A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and Rename Connection pages. • https://github.com/simalamuel/Research/tree/main/CVE-2025-29322 •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41643
https://notcve.org/view.php?id=CVE-2024-41643
26 Mar 2025 — An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate attacker to execute arbitrary code via the cshell login component. • https://gavpherk.github.io/GavinKelsey • CWE-94: Improper Control of Generation of Code ('Code Injection') •