CVSS: 9.3EPSS: 15%CPEs: 3EXPL: 14CVE-2025-0282 – Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-0282
08 Jan 2025 — A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution. • https://packetstorm.news/files/id/188667 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0291 – Debian Security Advisory 5840-1
https://notcve.org/view.php?id=CVE-2025-0291
08 Jan 2025 — Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-55656 – RedisBloom Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-55656
08 Jan 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis Stack. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-x5rx-rmq3-ff3h • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51737 – RediSearch Integer Overflow with LIMIT or KNN arguments can lead to RCE
https://notcve.org/view.php?id=CVE-2024-51737
08 Jan 2025 — An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. • https://github.com/RediSearch/RediSearch/commit/13a2936d921dbe5a2e3c72653e0bd7b26af3a6cb • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-51480 – RedisTimeSeries Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-51480
08 Jan 2025 — Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. • https://github.com/RedisTimeSeries/RedisTimeSeries/security/advisories/GHSA-73x6-fqww-x8rg • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12848 – SKT Page Builder <= 4.6 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-12848
08 Jan 2025 — This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible. • https://plugins.trac.wordpress.org/browser/skt-builder/trunk/sktbuilder.php#L960 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 88%CPEs: 2EXPL: 2CVE-2024-50603 – Aviatrix Controllers OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-50603
08 Jan 2025 — Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. ... Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. • expand=true#remote-code-execution-vulnerability-in-aviatrix-controllers • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22133 – WeGIA Allows Arbitrary File Upload with Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2025-22133
07 Jan 2025 — WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar, which can then be executed by the server. This vulnerability is fixed in 3.2.8. • https://github.com/nilsonLazarin/WeGIA/commit/a08f04de96d3caec85496d7a89a5b82d1960d9dd • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12854 – Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-12854
07 Jan 2025 — This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3215986%40garden-gnome-package&new=3215986%40garden-gnome-package&sfp_email=&sfph_mail= • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12853 – Modula Image Gallery <= 2.11.10 - Authenticated (Author+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-12853
07 Jan 2025 — This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3218127%40modula-best-grid-gallery&new=3218127%40modula-best-grid-gallery&sfp_email=&sfph_mail= • CWE-434: Unrestricted Upload of File with Dangerous Type •