
CVE-2025-1658 – DWFX File Parsing Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2025-1658
01 Apr 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002 • CWE-125: Out-of-bounds Read

CVE-2025-30065 – Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
https://notcve.org/view.php?id=CVE-2025-30065
01 Apr 2025 — Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the issue. • https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5 • CWE-502: Deserialization of Untrusted Data

CVE-2025-3051 – Linux::Statm::Tiny for Perl allows untrusted code to be included from the current working directory
https://notcve.org/view.php?id=CVE-2025-3051
01 Apr 2025 — Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded, similar to CVE-2016-1238. If an attacker can place a malicious file in the current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. • https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html • CWE-427: Uncontrolled Search Path Element

CVE-2025-30673 – Sub::HandlesVia for Perl allows untrusted code to be included from the current working directory
https://notcve.org/view.php?id=CVE-2025-30673
01 Apr 2025 — Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded, similar to CVE-2016-1238. If an attacker can place a malicious file in the current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution.

CVE-2025-30672 – Mite for Perl generates code with an untrusted search path vulnerability
https://notcve.org/view.php?id=CVE-2025-30672
01 Apr 2025 — Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the @INC path, similar to CVE-2016-1238. If an attacker can place a malicious file in the current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself, and other distributions that contain code generated by Mite. • https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html • CWE-427: Uncontrolled Search Path Element

CVE-2024-11235 – Ubuntu Security Notice USN-7400-1
https://notcve.org/view.php?id=CVE-2024-11235
01 Apr 2025 — An attacker could possibly use this issue to cause a crash or execute arbitrary code. ... An attacker could possibly use this issue to expose sensitive information or execute arbitrary code.

CVE-2025-29049
https://notcve.org/view.php?id=CVE-2025-29049
01 Apr 2025 — Cross-site scripting vulnerability in arnog MathLive versions v0.103.0 and before (fixed in 0.104.0) allows an attacker to execute arbitrary code via the MathLive function. • https://github.com/advisories/GHSA-qwj6-q94f-8425 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-24243 – Apple macOS AudioToolbox AMR File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24243
31 Mar 2025 — Processing a maliciously crafted file may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to execute code in the context of the current process. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write... • https://support.apple.com/en-us/122371 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-24182 – Apple macOS CoreText Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24182
31 Mar 2025 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-125: Out-of-bounds Read

CVE-2025-24244 – Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24244
31 Mar 2025 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor