CVE-2024-48760
https://notcve.org/view.php?id=CVE-2024-48760
14 Jan 2025 — An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution. • http://www.gestioip.net/index.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-53561
https://notcve.org/view.php?id=CVE-2024-53561
14 Jan 2025 — A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request. • https://github.com/Mrnmap/mrnmap-cve/blob/main/CVE-2024-53561 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-42911
https://notcve.org/view.php?id=CVE-2024-42911
14 Jan 2025 — ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 were discovered to contain a WiFi Remote Code Execution vulnerability. • http://ecovacs.com • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-57761
https://notcve.org/view.php?id=CVE-2024-57761
14 Jan 2025 — An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/erzhongxmu/JEEWMS/issues/IBFTZ7 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2025-22134 – heap-buffer-overflow with visual mode in Vim < 9.1.1003
https://notcve.org/view.php?id=CVE-2025-22134
13 Jan 2025 — An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://github.com/vim/vim/commit/c9a1e257f1630a0866447e53a564f7ff96a80ead • CWE-122: Heap-based Buffer Overflow
CVE-2025-0394 – Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function
https://notcve.org/view.php?id=CVE-2025-0394
13 Jan 2025 — This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/groundhogg/tags/3.7.3.5/includes/big-file-uploader.php#L117 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-5743 – Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-5743
13 Jan 2025 — An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. • https://www.evehome.com/en-us/security-content • CWE-916: Use of Password Hash With Insufficient Computational Effort
CVE-2025-0412 – Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-0412
13 Jan 2025 — Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://download.keyshot.com/cert/lsa-960930/lsa-960930.pdf?version=1.0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-46479
https://notcve.org/view.php?id=CVE-2024-46479
13 Jan 2025 — An authenticated attacker may upload a malicious file, leading to remote code execution. • https://github.com/Lorenzo-de-Sa/Vulnerability-Research • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2025-22782 – WordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-22782
13 Jan 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/wr-price-list-for-woocommerce/vulnerability/wordpress-wr-price-list-manager-for-woocommerce-plugin-1-0-8-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type