CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-48445 – Compop Online Mall 3.5.3 Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-48445
04 Feb 2025 — An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters. • https://packetstorm.news/files/id/188996 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0413 – Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-0413
04 Feb 2025 — An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. An attacker can leverage this vulnerability to escalate privileges and exe... • https://kb.parallels.com/130212 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1028 – Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload
https://notcve.org/view.php?id=CVE-2025-1028
04 Feb 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible in specific configurations where the first extension is processed over the final. • https://plugins.trac.wordpress.org/changeset?old_path=/contact-manager/tags/8.6.4&new_path=/contact-manager/tags/8.6.5&sfp_email=&sfph_mail= • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2025-20634
https://notcve.org/view.php?id=CVE-2025-20634
03 Feb 2025 — This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20633
https://notcve.org/view.php?id=CVE-2025-20633
03 Feb 2025 — This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-57099
https://notcve.org/view.php?id=CVE-2024-57099
03 Feb 2025 — ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server. • https://github.com/ClassCMS/ClassCMS/issues/6 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-0899 – PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-0899
31 Jan 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-0901 – PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-0901
31 Jan 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-0902 – PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0902
31 Jan 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-0903 – PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-0903
31 Jan 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •