
CVE-2025-29063
https://notcve.org/view.php?id=CVE-2025-29063
02 Apr 2025 — An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg, which is not handled properly. • https://www.yuque.com/jichujiliangdanwei/vwbq9e/grfgkm2kvk6btwbp • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-29085
https://notcve.org/view.php?id=CVE-2025-29085
02 Apr 2025 — SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount? • https://gist.github.com/Cafe-Tea/bcef0d7a2bdb5ec8e0d69de852fdc900 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-30841 – WordPress Countdown & Clock plugin <=2.8.8 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-30841
01 Apr 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/countdown-builder/vulnerability/wordpress-countdown-clock-plugin-2-8-8-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-30580 – WordPress DigiWidgets Image Editor <= 1.10 - Remote Code Execution (RCE) Vulnerability
https://notcve.org/view.php?id=CVE-2025-30580
01 Apr 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound DigiWidgets Image Editor allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/digiwidgets-image-editor/vulnerability/wordpress-digiwidgets-image-editor-1-10-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2005 – Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-2005
01 Apr 2025 — The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://packetstorm.news/files/id/190183 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-31132 – Raven allows Remote Code Execution due to improper validation
https://notcve.org/view.php?id=CVE-2025-31132
01 Apr 2025 — A vulnerability allowed any logged in user to execute code via an API endpoint. • https://github.com/The-Commit-Company/raven/security/advisories/GHSA-wmrr-3mrv-2p57 • CWE-20: Improper Input Validation •

CVE-2025-1660 – DWFX File Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2025-1660
01 Apr 2025 — A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-3030 – firefox: thunderbird: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9
https://notcve.org/view.php?id=CVE-2025-3030
01 Apr 2025 — Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. ... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-416: Use After Free •

CVE-2025-3029 – firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters
https://notcve.org/view.php?id=CVE-2025-3029
01 Apr 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing. • https://bugzilla.mozilla.org/show_bug.cgi?id=1952213 • CWE-290: Authentication Bypass by Spoofing • CWE-346: Origin Validation Error •

CVE-2025-1659 – DWFX File Parsing Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2025-1659
01 Apr 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002 • CWE-125: Out-of-bounds Read •