
CVE-2024-41643
https://notcve.org/view.php?id=CVE-2024-41643
26 Mar 2025 — An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate attacker to execute arbitrary code via the cshell login component. • https://gavpherk.github.io/GavinKelsey • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-29322
https://notcve.org/view.php?id=CVE-2025-29322
26 Mar 2025 — A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and Rename Connection pages. • https://github.com/simalamuel/Research/tree/main/CVE-2025-29322 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-55963 – AppSmith 1.47 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-55963
26 Mar 2025 — AppSmith version 1.4.7 suffers from a remote code execution vulnerability. • https://packetstorm.news/files/id/190267 • CWE-284: Improper Access Control •

CVE-2024-55964 – Appsmith Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-55964
26 Mar 2025 — An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. • https://rhinosecuritylabs.com/research/cve-2024-55963-unauthenticated-rce-in-appsmith • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-47516 – Pagure: argument injection in pagurerepo.log()
https://notcve.org/view.php?id=CVE-2024-47516
25 Mar 2025 — An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance. • https://access.redhat.com/security/cve/CVE-2024-47516 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVE-2025-2312 – cifs.upcall makes an upcall to the wrong namespace in containerized environments
https://notcve.org/view.php?id=CVE-2025-2312
25 Mar 2025 — A nearby attacker could use this to connect a rogue device and possibly execute arbitrary code. ... An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.samba.org/?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174 • CWE-488: Exposure of Data Element to Wrong Session •

CVE-2024-58105
https://notcve.org/view.php?id=CVE-2024-58105
25 Mar 2025 — A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. ... Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-286: Incorrect User Management •

CVE-2024-58104
https://notcve.org/view.php?id=CVE-2024-58104
25 Mar 2025 — A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-269: Improper Privilege Management •

CVE-2025-30213 – Frappe has Possibility of Remote Code Execution due to improper validation
https://notcve.org/view.php?id=CVE-2025-30213
25 Mar 2025 — Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. • https://github.com/frappe/frappe/security/advisories/GHSA-v342-4xr9-x3q3 • CWE-20: Improper Input Validation •

CVE-2025-2773 – BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2773
25 Mar 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. ... An attacker can leverage this vulnerability to execute code in the context of the device. •