
CVE-2024-13952 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-13952
22 May 2025 — Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-13929 – Authenticated Servlet Command Injection
https://notcve.org/view.php?id=CVE-2024-13929
22 May 2025 — Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-13928 – Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2024-13928
22 May 2025 — SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-30172 – Admin Authorized Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-30172
22 May 2025 — Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-9639 – Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-9639
22 May 2025 — Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2272 – Privilege Escalation and Arbitrary code execution in F1E Endpoint
https://notcve.org/view.php?id=CVE-2025-2272
22 May 2025 — Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpoint allows Privilege Escalation, Code Injection, Hijacking a privileged process. This issue affects FIE Endpoint: before 25.05. • https://support.forcepoint.com/s/article/Security-Advisory-Privilege-Escalation-and-Arbitrary-code-execution-in-F1E-Endpoint • CWE-427: Uncontrolled Search Path Element •

CVE-2024-25010 – Ericsson RAN Compute and Site Controller 6610 - Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2024-25010
22 May 2025 — Ericsson RAN Compute and Site Controller 6610 contains in certain configurations a high severity vulnerability where improper input validation could be exploited leading to arbitrary code execution. • https://www.ericsson.com/en/about-us/security/psirt/CVE-2024-25010 • CWE-20: Improper Input Validation •

CVE-2025-31927 – WordPress Acerola <= 1.6.5 - PHP Object Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-31927
22 May 2025 — Deserialization of Untrusted Data vulnerability in themeton Acerola allows Object Injection. This issue affects Acerola: from n/a through 1.6.5. The Acerola theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.6.5 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. • https://patchstack.com/database/wordpress/theme/acerola/vulnerability/wordpress-acerola-1-6-5-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVE-2025-48140 – MetalpriceAPI <= 1.1.4 - Authenticated (Contributor+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-48140
22 May 2025 — The MetalpriceAPI plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-36535 – AutomationDirect MB-Gateway Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2025-36535
21 May 2025 — This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality. • https://www.automationdirect.com/adc/shopping/catalog/communications/protocol_gateways/modbus_gateways/eki-1221-ce • CWE-306: Missing Authentication for Critical Function •