CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2025-30076
https://notcve.org/view.php?id=CVE-2025-30076
16 Mar 2025 — Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter. • https://github.com/gl0wyy/koha-task-scheduler-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-54449 – Remote Code Execution (RCE) via Arbitrary File Write In Document API
https://notcve.org/view.php?id=CVE-2024-54449
14 Mar 2025 — This can be used to facilitate RCE. ... This can be used to facilitate RCE. • https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html • CWE-23: Relative Path Traversal •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-54448 – Remote Code Execution (RCE) via Automation Scripting
https://notcve.org/view.php?id=CVE-2024-54448
14 Mar 2025 — The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting is needed to carry out the attack. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC. The Automation Scripting functionality can be exploited by at... • https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45588
https://notcve.org/view.php?id=CVE-2023-45588
14 Mar 2025 — An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. • https://fortiguard.com/psirt/FG-IR-23-345 • CWE-73: External Control of File Name or Path •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2000 – Qiskit SDK code execution
https://notcve.org/view.php?id=CVE-2025-2000
14 Mar 2025 — A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. • https://www.ibm.com/support/pages/node/7185949 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0CVE-2025-27593 – RCE due to Device Driver
https://notcve.org/view.php?id=CVE-2025-27593
14 Mar 2025 — The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-55549 – libxslt xsltParseStylesheetProcess Use-After-Free
https://notcve.org/view.php?id=CVE-2024-55549
14 Mar 2025 — A remote attacker could use this issue to cause Libxslt to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://packetstorm.news/files/id/189919 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24855 – libxslt: Use-After-Free in libxslt numbers.c
https://notcve.org/view.php?id=CVE-2025-24855
14 Mar 2025 — A remote attacker could use this issue to cause Libxslt to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-29409
https://notcve.org/view.php?id=CVE-2024-29409
14 Mar 2025 — File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header. • https://gist.github.com/aydinnyunus/801342361584d1491c67a820a714f53f • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-1652 – MODEL File Parsing Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2025-1652
13 Mar 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001 • CWE-125: Out-of-bounds Read •