CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-30213 – Frappe has Possibility of Remote Code Execution due to improper validation
https://notcve.org/view.php?id=CVE-2025-30213
25 Mar 2025 — Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. • https://github.com/frappe/frappe/security/advisories/GHSA-v342-4xr9-x3q3 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2025-2773 – BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2773
25 Mar 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. ... The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2767 – Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2767
25 Mar 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. ... The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2769 – Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2769
25 Mar 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2766 – 70mai A510 Use of Default Password Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-2766
25 Mar 2025 — An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the root. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2768 – Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2768
25 Mar 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-2764 – CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2764
25 Mar 2025 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. ... An attacker can leverage this vulnerability to execute code in the context of root. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2762 – CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2762
25 Mar 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the application system-on-chip (SoC). ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2763 – CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2763
25 Mar 2025 — This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. ... An attacker can leverage this vulnerability to execute code in the context of root. •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2257 – Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.10 - Authenticated (Admin+) Command Injection
https://notcve.org/view.php?id=CVE-2025-2257
25 Mar 2025 — The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. ... This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://github.com/BoldGrid/boldgrid-backup/pull/622/files • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •