
CVE-2025-20120
https://notcve.org/view.php?id=CVE-2025-20120
02 Apr 2025 — An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-GSScPGY4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-31722
https://notcve.org/view.php?id=CVE-2025-31722
02 Apr 2025 — In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. • https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3505 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-39780 – Use of unsafe yaml load in dynparam
https://notcve.org/view.php?id=CVE-2024-39780
02 Apr 2025 — Through this flaw, a local or remote user can craft and execute arbitrary Python code. • https://github.com/ros/dynamic_reconfigure/pull/202 • CWE-20: Improper Input Validation • CWE-502: Deserialization of Untrusted Data •

CVE-2025-29062
https://notcve.org/view.php?id=CVE-2025-29062
02 Apr 2025 — An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice. • https://www.yuque.com/jichujiliangdanwei/vwbq9e/grfgkm2kvk6btwbp • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-29063
https://notcve.org/view.php?id=CVE-2025-29063
02 Apr 2025 — An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg, which is not handled properly. • https://www.yuque.com/jichujiliangdanwei/vwbq9e/grfgkm2kvk6btwbp • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-29085
https://notcve.org/view.php?id=CVE-2025-29085
02 Apr 2025 — SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount? • https://gist.github.com/Cafe-Tea/bcef0d7a2bdb5ec8e0d69de852fdc900 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-30841 – WordPress Countdown & Clock plugin <=2.8.8 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-30841
01 Apr 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/countdown-builder/vulnerability/wordpress-countdown-clock-plugin-2-8-8-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-30580 – WordPress DigiWidgets Image Editor <= 1.10 - Remote Code Execution (RCE) Vulnerability
https://notcve.org/view.php?id=CVE-2025-30580
01 Apr 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound DigiWidgets Image Editor allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/digiwidgets-image-editor/vulnerability/wordpress-digiwidgets-image-editor-1-10-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2005 – Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-2005
01 Apr 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://packetstorm.news/files/id/190183 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-31132 – Raven allows Remote Code Execution due to improper validation
https://notcve.org/view.php?id=CVE-2025-31132
01 Apr 2025 — A vulnerability allowed any logged in user to execute code via an API endpoint. • https://github.com/The-Commit-Company/raven/security/advisories/GHSA-wmrr-3mrv-2p57 • CWE-20: Improper Input Validation •