CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — 74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin. • https://gitee.com/Q16G/laravel_bug/blob/master/74cms.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 7.2 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — ,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the UART component. • https://github.com/vladko312/Research_v380_IP_camera • CWE-259: Use of Hard-coded Password

CVSS: 2.6 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — ,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components. • https://github.com/vladko312/Research_v380_IP_camera • CWE-256: Plaintext Storage of a Password

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — Nautel VX Series transmitters VX SW v6.4.0 and below were discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. This vulnerability allows attackers to execute arbitrary code by supplying a crafted update package to the /#/software/upgrades endpoint. • https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-28236

CVSS: 4.7 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — Volmarg Personal Management System 1.4.65 is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute's default value being set to None. • https://github.com/Volmarg/personal-management-system • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via an overly long environment variable passed to the FileOpen function. • https://github.com/CruiserOne/Astrolog/issues/25 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component. • https://cdn.wjlin0.com/halo-img/74CMSv3.34.0%E5%AD%98%E5%9C%A8%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.zip • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

17 Apr 2025 — A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. • https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.14 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.9 • EPSS: 0% • CPEs: - • EXPL: 0

17 Apr 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/pdf2post/vulnerability/wordpress-pdf-2-post-plugin-2-4-0-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://www.wordfence.com/threat-intel/vulnerabilities/id/01769760-5bfe-4352-bc5b-141f078c0b6d?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')