CVE-2024-12248 – Out-of-bounds Write vulnerability in Contec Health CMS8000 Patient Monitor
https://notcve.org/view.php?id=CVE-2024-12248
30 Jan 2025 — This could result in remote code execution. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01 • CWE-787: Out-of-bounds Write •
CVE-2024-13767 – Live2DWebCanvas <= 1.9.11 - Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-13767
30 Jan 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://wordpress.org/plugins/live-2d • CWE-862: Missing Authorization •
CVE-2025-0373 – Buffer overflow in some filesystems via NFS
https://notcve.org/view.php?id=CVE-2025-0373
30 Jan 2025 — ., bypassing file permission checking or remote kernel code execution) is potentially possible, though this has not been demonstrated. • https://security.freebsd.org/advisories/FreeBSD-SA-25:02.fs.asc • CWE-121: Stack-based Buffer Overflow •
CVE-2024-11600 – Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Authenticated (Administrator+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-11600
30 Jan 2025 — The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.9 via the 'write_config' function. ... This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. • https://plugins.trac.wordpress.org/browser/borderless/tags/1.5.7/includes/icon-manager/icon-manager.php#L249 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-53615
https://notcve.org/view.php?id=CVE-2024-53615
30 Jan 2025 — A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file. • https://github.com/beune/CVE-2024-53615 •
CVE-2024-13720 – WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-13720
29 Jan 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/wp-image-uploader/trunk/index.php#L85 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-57395
https://notcve.org/view.php?id=CVE-2024-57395
29 Jan 2025 — Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters. • http://www.hzzcka.com • CWE-522: Insufficiently Protected Credentials •
CVE-2024-57509
https://notcve.org/view.php?id=CVE-2024-57509
29 Jan 2025 — Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions. • https://gist.github.com/G2FUZZ/91a1cc3b8f2b0720e984353d59023b24 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-57510
https://notcve.org/view.php?id=CVE-2024-57510
29 Jan 2025 — Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial. • https://gist.github.com/G2FUZZ/91a1cc3b8f2b0720e984353d59023b24 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-40673
https://notcve.org/view.php?id=CVE-2024-40673
28 Jan 2025 — In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. • https://github.com/Aakashmom/G3_libcore_native_CVE-2024-40673 • CWE-94: Improper Control of Generation of Code ('Code Injection') •