CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2025-28893 – WordPress Visual Text Editor plugin <= 1.2.1 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-28893
26 Mar 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Visual Text Editor allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/visual-text-editor/vulnerability/wordpress-visual-text-editor-plugin-1-2-1-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-29322
https://notcve.org/view.php?id=CVE-2025-29322
26 Mar 2025 — A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and Rename Connection pages. • https://github.com/simalamuel/Research/tree/main/CVE-2025-29322 •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41643
https://notcve.org/view.php?id=CVE-2024-41643
26 Mar 2025 — An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate attacker to execute arbitrary code via the cshell login component. • https://gavpherk.github.io/GavinKelsey • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47516 – Pagure: argument injection in pagurerepo.log()
https://notcve.org/view.php?id=CVE-2024-47516
25 Mar 2025 — An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance. • https://access.redhat.com/security/cve/CVE-2024-47516 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2312 – cifs.upcall makes an upcall to the wrong namespace in containerized environments
https://notcve.org/view.php?id=CVE-2025-2312
25 Mar 2025 — A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. ... An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.samba.org/?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174 • CWE-488: Exposure of Data Element to Wrong Session •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58105
https://notcve.org/view.php?id=CVE-2024-58105
25 Mar 2025 — A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. ... Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-286: Incorrect User Management •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58104
https://notcve.org/view.php?id=CVE-2024-58104
25 Mar 2025 — A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-30213 – Frappe has Possibility of Remote Code Execution due to improper validation
https://notcve.org/view.php?id=CVE-2025-30213
25 Mar 2025 — Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. • https://github.com/frappe/frappe/security/advisories/GHSA-v342-4xr9-x3q3 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2025-2773 – BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2773
25 Mar 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. ... The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2767 – Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2767
25 Mar 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. ... The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root. •