
CVE-2025-1734 – Streams HTTP wrapper does not fail for headers with invalid name and no colon
https://notcve.org/view.php?id=CVE-2025-1734
17 Mar 2025 — An attacker could possibly use this issue to cause a crash or execute arbitrary code. ... An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. • https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44 • CWE-20: Improper Input Validation

CVE-2025-1736 – Stream HTTP wrapper header check might omit basic auth header
https://notcve.org/view.php?id=CVE-2025-1736
17 Mar 2025 — An attacker could possibly use this issue to cause a crash or execute arbitrary code. ... An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. • https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528 • CWE-20: Improper Input Validation

CVE-2025-1861 – Stream HTTP wrapper truncates redirect location to 1024 bytes
https://notcve.org/view.php?id=CVE-2025-1861
17 Mar 2025 — An attacker could possibly use this issue to cause a crash or execute arbitrary code. ... An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. • https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff • CWE-131: Incorrect Calculation of Buffer Size

CVE-2025-25914
https://notcve.org/view.php?id=CVE-2025-25914
17 Mar 2025 — SQL injection vulnerability in Online Exam Mastering System v.1.0 allows a remote attacker to execute arbitrary code via the fid parameter. • https://github.com/872323857/CVE/blob/main/online-exam-mastering-system_sqlinject.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-44866
https://notcve.org/view.php?id=CVE-2024-44866
17 Mar 2025 — A buffer overflow in the GuitarPro1::read function of MuseScore Studio v4.3.2 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via opening a crafted GuitarPro file. • https://github.com/moonadon9/CVE_2024 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2025-2449 – NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2449
17 Mar 2025 — NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-25-146 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-2450 – NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2450
17 Mar 2025 — NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. • https://www.zerodayinitiative.com/advisories/ZDI-25-147 • CWE-356: Product UI does not Warn User of Unsafe Actions

CVE-2025-1217 – Header parser of http stream wrapper does not handle folded headers
https://notcve.org/view.php?id=CVE-2025-1217
17 Mar 2025 — An attacker could possibly use this issue to cause a crash or execute arbitrary code. ... An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. • https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g • CWE-20: Improper Input Validation

CVE-2025-30076
https://notcve.org/view.php?id=CVE-2025-30076
16 Mar 2025 — Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter. • https://github.com/gl0wyy/koha-task-scheduler-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-54449 – Remote Code Execution (RCE) via Arbitrary File Write In Document API
https://notcve.org/view.php?id=CVE-2024-54449
14 Mar 2025 — This can be used to facilitate RCE. • https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html • CWE-23: Relative Path Traversal