
CVE-2024-57151
https://notcve.org/view.php?id=CVE-2024-57151
18 Mar 2025 — SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the inputAction.php file and the saveAjax function. • https://github.com/jcxj/jcxj/blob/master/source/_posts/%E4%BF%A1%E5%91%BCoa%E5%AE%A1%E8%AE%A1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-57169
https://notcve.org/view.php?id=CVE-2024-57169
18 Mar 2025 — This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files. • https://themcsam.github.io/posts/so-planing-vulnerabilities/#arbitrary-file-upload-leading-to-rce • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-29913 – CryptoLib's Crypto_TC_Prep_AAD Has Buffer Overflow Due to Integer Underflow
https://notcve.org/view.php?id=CVE-2025-29913
17 Mar 2025 — This vulnerability allows an attacker to trigger a Denial of Service (DoS) or potentially execute arbitrary code (RCE) by providing a maliciously crafted telecommand (TC) frame that causes an unsigned integer underflow. • https://github.com/nasa/CryptoLib/security/advisories/GHSA-q4v2-fvrv-qrf6 • CWE-125: Out-of-bounds Read • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVE-2025-29912 – CryptoLib Has Heap Buffer Overflow Due to Unsigned Integer Underflow in Crypto_TC_ProcessSecurity
https://notcve.org/view.php?id=CVE-2025-29912
17 Mar 2025 — This critical vulnerability can be exploited to cause a denial of service (DoS) or potentially achieve remote code execution. • https://github.com/nasa/CryptoLib/commit/ca39cb96f21e76102aefb956d2c8c0ba0bd143ca • CWE-122: Heap-based Buffer Overflow • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVE-2025-29911 – CryptoLib Has Heap Buffer Overflow in Crypto_AOS_ProcessSecurity Function
https://notcve.org/view.php?id=CVE-2025-29911
17 Mar 2025 — This vulnerability allows an attacker to trigger a Denial of Service (DoS) or potentially execute arbitrary code (RCE) by providing a maliciously crafted AOS frame with an insufficient length. • https://github.com/nasa/CryptoLib/security/advisories/GHSA-7g6g-9gj4-8c68 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-29909 – CryptoLib's Crypto_TC_ApplySecurity() Has a Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-29909
17 Mar 2025 — This can result in denial of service (DoS) or, under certain conditions, remote code execution (RCE). • https://github.com/nasa/CryptoLib/commit/c7e8a8745ff4b5e9bd7e500e91358e86d5abedcc • CWE-191: Integer Underflow (Wrap or Wraparound) • CWE-787: Out-of-bounds Write •

CVE-2025-24185 – Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24185
17 Mar 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. • https://support.apple.com/en-us/122068 • CWE-787: Out-of-bounds Write •

CVE-2025-2401 – Buffer overflow in Immunity Debugger
https://notcve.org/view.php?id=CVE-2025-2401
17 Mar 2025 — Buffer overflow vulnerability in Immunity Debugger affecting version 1.85. Its exploitation could allow a local attacker to execute arbitrary code, due to the lack of proper boundary checking. • https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-immunity-debugger • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2024-12992 – Remote Code Execution leads to Command Injection
https://notcve.org/view.php?id=CVE-2024-12992
17 Mar 2025 — Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-1219 – libxml streams use wrong content-type header when requesting a redirected resource
https://notcve.org/view.php?id=CVE-2025-1219
17 Mar 2025 — An attacker could possibly use this issue to cause a crash or execute arbitrary code. ... An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. • https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc • CWE-1116: Inaccurate Comments •