CVE-2024-11635 – WordPress File Upload <= 4.24.12 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-11635
07 Jan 2025 — The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server. • https://plugins.svn.wordpress.org/wp-file-upload/trunk/wfu_file_downloader.php • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2025-0241 – firefox: Memory corruption when using JavaScript Text Segmentation
https://notcve.org/view.php?id=CVE-2025-0241
07 Jan 2025 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1933023 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2025-0240 – firefox: Compartment mismatch when parsing JavaScript JSON module
https://notcve.org/view.php?id=CVE-2025-0240
07 Jan 2025 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1929623 • CWE-416: Use After Free •
CVE-2025-0239 – firefox: Alt-Svc ALPN validation failure when redirected
https://notcve.org/view.php?id=CVE-2025-0239
07 Jan 2025 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 • CWE-295: Improper Certificate Validation • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2025-0238 – firefox: thunderbird: Use-after-free when breaking lines in text
https://notcve.org/view.php?id=CVE-2025-0238
07 Jan 2025 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1915535 • CWE-416: Use After Free •
CVE-2025-0237 – firefox: thunderbird: WebChannel APIs susceptible to confused deputy attack
https://notcve.org/view.php?id=CVE-2025-0237
07 Jan 2025 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1915257 • CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') • CWE-863: Incorrect Authorization •
CVE-2025-21624 – ClipBucket V5 Playlist Cover File Upload to Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-21624
07 Jan 2025 — ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script file instead of an image file, thus allowing a webshell or other malicious files to be stored and executed on the server. This attack vector exists in both the admin area and low-level user area. This vulnerability ... • https://github.com/MacWarrior/clipbucket-v5/commit/893bfb0f1236c4a59b5e2843ab8d27a1e491b12b • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-11681 – Remote Code Execution in MacPorts
https://notcve.org/view.php?id=CVE-2024-11681
07 Jan 2025 — A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror. • https://github.com/google/security-research/security/advisories/GHSA-2j38-pjh8-wfxw • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-50658
https://notcve.org/view.php?id=CVE-2024-50658
07 Jan 2025 — A Server-Side Template Injection (SSTI) vulnerability in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in the updateuserinfo.html file. • http://adportal.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-53345
https://notcve.org/view.php?id=CVE-2024-53345
07 Jan 2025 — An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/ShadowByte1/CVE-2024-53345 • CWE-434: Unrestricted Upload of File with Dangerous Type •