
CVE-2025-31286
https://notcve.org/view.php?id=CVE-2025-31286
02 Apr 2025 — An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •

CVE-2025-31722
https://notcve.org/view.php?id=CVE-2025-31722
02 Apr 2025 — In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. • https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3505 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-29062
https://notcve.org/view.php?id=CVE-2025-29062
02 Apr 2025 — An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice. • https://www.yuque.com/jichujiliangdanwei/vwbq9e/grfgkm2kvk6btwbp • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-29063
https://notcve.org/view.php?id=CVE-2025-29063
02 Apr 2025 — An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg, which is not handled properly. • https://www.yuque.com/jichujiliangdanwei/vwbq9e/grfgkm2kvk6btwbp • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-29085
https://notcve.org/view.php?id=CVE-2025-29085
02 Apr 2025 — SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount? • https://gist.github.com/Cafe-Tea/bcef0d7a2bdb5ec8e0d69de852fdc900 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-30841 – WordPress Countdown & Clock plugin <=2.8.8 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-30841
01 Apr 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/countdown-builder/vulnerability/wordpress-countdown-clock-plugin-2-8-8-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-30580 – WordPress DigiWidgets Image Editor <= 1.10 - Remote Code Execution (RCE) Vulnerability
https://notcve.org/view.php?id=CVE-2025-30580
01 Apr 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound DigiWidgets Image Editor allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/digiwidgets-image-editor/vulnerability/wordpress-digiwidgets-image-editor-1-10-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2005 – Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-2005
01 Apr 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. WordPress Front-End Users plugin versions 3.2.32 and below suffer from a remote shell upload vulnerability. • https://packetstorm.news/files/id/190183 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-31132 – Raven allows Remote Code Execution due to improper validation
https://notcve.org/view.php?id=CVE-2025-31132
01 Apr 2025 — A vulnerability allowed any logged in user to execute code via an API endpoint. • https://github.com/The-Commit-Company/raven/security/advisories/GHSA-wmrr-3mrv-2p57 • CWE-20: Improper Input Validation •

CVE-2025-1660 – DWFX File Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2025-1660
01 Apr 2025 — A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •