
CVE-2024-55372
https://notcve.org/view.php?id=CVE-2024-55372
16 Apr 2025 — Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore the database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious files to the server. Once a web shell is installed, the attacker gains the ability to execute arbitrary commands. • https://www.datafarm.co.th/blog/CVE-2024-55371-and-CVE-2024-55372-Malicious-File-Upload-to-RCE-in-Wallos-Application • CWE-73: External Control of File Name or Path •

CVE-2025-1274 – RCS File Parsing Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-1274
15 Apr 2025 — A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0007 • CWE-787: Out-of-bounds Write •

CVE-2025-1277 – PDF File Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2025-1277
15 Apr 2025 — A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-1656 – PDF File Parsing Heap-based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-1656
15 Apr 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-1273 – PDF File Parsing Heap-Based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-1273
15 Apr 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-2497 – DWG File Parsing Stack-Based Buffer Vulnerability
https://notcve.org/view.php?id=CVE-2025-2497
15 Apr 2025 — A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0005 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-1276 – DWG File Parsing Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-1276
15 Apr 2025 — A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0004 • CWE-787: Out-of-bounds Write •

CVE-2025-1275 – JPG File Parsing Heap-Based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-1275
15 Apr 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0006 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-31499 – Jellyfin Vulnerable to Argument Injection in FFmpeg
https://notcve.org/view.php?id=CVE-2025-31499
15 Apr 2025 — This can be leveraged to possibly achieve remote code execution by anyone with credentials to a low-privileged user. ... This argument injection can be exploited to achieve arbitrary file write, leading to possible remote code execution through the plugin system. • https://github.com/jellyfin/jellyfin/commit/79f3ce53257c5291887cd52d8ac735b5252c9a97 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVE-2025-32012 – Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing
https://notcve.org/view.php?id=CVE-2025-32012
15 Apr 2025 — This method of IP spoofing also bypasses some security mechanisms, causes a denial-of-service attack, and possibly bypasses the admin restart requirement if combined with remote code execution. • https://github.com/jellyfin/jellyfin/commit/f625665cb116a7e3feb8b79aaf1ed39a956e0585 • CWE-290: Authentication Bypass by Spoofing •