CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-29043
https://notcve.org/view.php?id=CVE-2025-29043
17 Apr 2025 — An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234 • https://gist.github.com/xyqer1/d5a5b18743b7a2fcbc0f93001d8e2ad9 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-29044
https://notcve.org/view.php?id=CVE-2025-29044
17 Apr 2025 — Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value • https://gist.github.com/xyqer1/09fe6488a6655776c8c5d33e630a0f2a • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-29045
https://notcve.org/view.php?id=CVE-2025-29045
17 Apr 2025 — Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newap_text_0 key value • https://gist.github.com/xyqer1/16f6b44ef062374bc32c12952c7b81f8 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-29046
https://notcve.org/view.php?id=CVE-2025-29046
17 Apr 2025 — Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the GAPSMinute3 key value • https://gist.github.com/xyqer1/7f9970240aec0af412caee79271a5be5 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-29047
https://notcve.org/view.php?id=CVE-2025-29047
17 Apr 2025 — Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the hiddenIndex in the function StorageEditUser • https://gist.github.com/xyqer1/74adbc0249eeacf762fb4d33cf93a0f5 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-29661
https://notcve.org/view.php?id=CVE-2025-29661
17 Apr 2025 — Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run. • https://github.com/litepubl/cms/issues/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-29662
https://notcve.org/view.php?id=CVE-2025-29662
17 Apr 2025 — A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacker to execute system code via remote network access. • https://github.com/landchat/LandChat/issues/5 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32688 – Target Video Easy Publish <= 3.8.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2025-32688
17 Apr 2025 — The The Target Video Easy Publish plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.5. ... This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39401 – WPAMS <= 44.0 (17-08-2023) - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-39401
17 Apr 2025 — The WPAMS - Apartment Management System for wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 44.0 (17-08-2023). This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39402 – WPAMS <= 44.0 (17-08-2023) - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-39402
17 Apr 2025 — The WPAMS - Apartment Management System for wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 44.0 (17-08-2023). This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •