CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-0185 – Pandas Query Injection in langgenius/dify
https://notcve.org/view.php?id=CVE-2025-0185
20 Mar 2025 — This can potentially lead to Remote Code Execution (RCE) if exploited. • https://huntr.com/bounties/7d9eb9b2-7b86-45ed-89bd-276c1350db7e • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-9415 – Path Traversal in transformeroptimus/superagi
https://notcve.org/view.php?id=CVE-2024-9415
20 Mar 2025 — This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwriting any file on the server. • https://huntr.com/bounties/31bdf98c-5205-4c48-9bc7-9e780ba63398 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-10553 – Jdbc Deserialization in h2oai/h2o-3
https://notcve.org/view.php?id=CVE-2024-10553
20 Mar 2025 — A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. • https://github.com/h2oai/h2o-3/commit/ac1d642b4d86f10a02d75974055baf2a4b2025ac • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7760 – CSRF in aimhubio/aim
https://notcve.org/view.php?id=CVE-2024-7760
20 Mar 2025 — This enables CSRF attacks on all endpoints of the tracking server, which can be chained with other existing vulnerabilities such as remote code execution, denial of service, and arbitrary file read/write. • https://huntr.com/bounties/2038df5f-4829-4040-8573-67bf9bb89229 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-11170 – Path Traversal in danny-avila/librechat
https://notcve.org/view.php?id=CVE-2024-11170
20 Mar 2025 — This can lead to arbitrary file write and potentially remote code execution. • https://github.com/danny-avila/librechat/commit/629be5c0ca2b332178524b4e3f6fac715aea8cc4 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-8019 – Arbitrary File Write/Overwrite in lightning-ai/pytorch-lightning
https://notcve.org/view.php?id=CVE-2024-8019
20 Mar 2025 — This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations. • https://github.com/lightning-ai/pytorch-lightning/commit/330af381de88cff17515418a341cbc1f9f127f9a • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1385 – Fail input validation in clickhouse-library-bridge API could lead to RCE under specific configuration
https://notcve.org/view.php?id=CVE-2025-1385
20 Mar 2025 — Combined with the ClickHouse table engine functionality that permits file uploads to specific directories, a misconfigured server can be exploited by an attacker with privilege to access to both table engines to execute arbitrary code on the ClickHouse server. Combined with the ClickHouse table engine functionality that permits file uploads to specific directories, a misconfigured server can be exploited by an attacker with privilege to access to both table engines to execute arbitrary code on... • https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5phv-x8x4-83x5 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29411
https://notcve.org/view.php?id=CVE-2025-29411
20 Mar 2025 — An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://www.simonjuguna.com/cve-2025-29411-authenticated-remote-code-execution-rce-via-arbitrary-file-upload • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2530 – Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2530
20 Mar 2025 — Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. • https://www.zerodayinitiative.com/advisories/ZDI-25-173 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2531 – Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2531
20 Mar 2025 — Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. • https://www.zerodayinitiative.com/advisories/ZDI-25-174 • CWE-122: Heap-based Buffer Overflow •