
CVE-2024-37777
https://notcve.org/view.php?id=CVE-2024-37777
27 Aug 2025 — O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function. • https://github.com/o2oa/o2oa/issues/158 • CWE-20: Improper Input Validation • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-50977
https://notcve.org/view.php?id=CVE-2025-50977
27 Aug 2025 — The vulnerability exists in the 'r' parameter and allows attackers to inject malicious Angular expressions that execute JavaScript code in the context of the application. ... This vulnerability enables authenticated administrators to execute arbitrary client-side code, potentially leading to session hijacking, data theft, or further privilege escalation attacks. • https://github.com/4rdr/proofs/blob/main/info/gitblit-v1.7.1-reflected-XSS-via-angularjs-expression.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-50989
https://notcve.org/view.php?id=CVE-2025-50989
27 Aug 2025 — Successful exploitation grants RCE with the privileges of the web service (typically root), potentially leading to full system compromise or lateral movement. • https://github.com/4rdr/proofs/blob/main/info/OPNsense-25.1-Command-Injection-via-span-parameter.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-22410
https://notcve.org/view.php?id=CVE-2025-22410
26 Aug 2025 — In multiple locations, there is a possible way to execute arbitrary code due to a use after free. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c • CWE-416: Use After Free •

CVE-2025-22409
https://notcve.org/view.php?id=CVE-2025-22409
26 Aug 2025 — In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c • CWE-416: Use After Free •

CVE-2025-22408
https://notcve.org/view.php?id=CVE-2025-22408
26 Aug 2025 — In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c • CWE-416: Use After Free •

CVE-2025-22407
https://notcve.org/view.php?id=CVE-2025-22407
26 Aug 2025 — In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c • CWE-416: Use After Free •

CVE-2025-22405
https://notcve.org/view.php?id=CVE-2025-22405
26 Aug 2025 — In multiple locations, there is a possible way to execute arbitrary code due to a use after free. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c • CWE-416: Use After Free •

CVE-2025-22404
https://notcve.org/view.php?id=CVE-2025-22404
26 Aug 2025 — In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c • CWE-416: Use After Free •

CVE-2025-22403
https://notcve.org/view.php?id=CVE-2025-22403
26 Aug 2025 — In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/37bcf769c1aa8dfa8e5524858d47f6a80b765fa4 • CWE-416: Use After Free •