
CVE-2024-55964
https://notcve.org/view.php?id=CVE-2024-55964
26 Mar 2025 — An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, log in to it, create a datasource, create a query against that datasource, and execute that query. • https://github.com/appsmithorg/appsmith/security/advisories/GHSA-m95x-4w54-gc83 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-30767 – WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability
https://notcve.org/view.php?id=CVE-2025-30767
26 Mar 2025 — Missing Authorization vulnerability in add-ons.org PDF for WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through 5.3.0. The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This make... • https://patchstack.com/database/wordpress/plugin/pdf-for-wpforms/vulnerability/wordpress-pdf-for-wpforms-plugin-5-3-0-arbitrary-shortcode-execution-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-862: Missing Authorization •

CVE-2025-30216 – CryptoLib Has Heap Overflow in Crypto_TM_ProcessSecurity due to Unchecked Secondary Header Length
https://notcve.org/view.php?id=CVE-2025-30216
25 Mar 2025 — This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. • https://github.com/oliviaisntcringe/CVE-2025-30216-PoC • CWE-122: Heap-based Buffer Overflow •

CVE-2025-27633
https://notcve.org/view.php?id=CVE-2025-27633
25 Mar 2025 — The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-45480 – Unauthorized local file reading in B&R APROL
https://notcve.org/view.php?id=CVE-2024-45480
25 Mar 2025 — An improper control of generation of code ('Code Injection') vulnerability in the AprolCreateReport component of B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to read files from the local system. • https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-30091
https://notcve.org/view.php?id=CVE-2025-30091
25 Mar 2025 — In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available after an installation has completed. • https://www.moxiemanager.com/changelog • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •

CVE-2024-55028
https://notcve.org/view.php?id=CVE-2024-55028
25 Mar 2025 — A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file. • https://visionspace.com/remote-code-execution-and-critical-vulnerabilities-in-nasa-fprime-v3-4-3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-24514 – ingress-nginx controller - configuration injection via unsanitized auth-url annotation
https://notcve.org/view.php?id=CVE-2025-24514
24 Mar 2025 — This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. • https://packetstorm.news/files/id/190070 • CWE-20: Improper Input Validation •

CVE-2025-1098 – ingress-nginx controller - configuration injection via unsanitized mirror annotations
https://notcve.org/view.php?id=CVE-2025-1098
24 Mar 2025 — This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. • https://packetstorm.news/files/id/190070 • CWE-20: Improper Input Validation •

CVE-2025-1097 – ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
https://notcve.org/view.php?id=CVE-2025-1097
24 Mar 2025 — This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. • https://packetstorm.news/files/id/190070 • CWE-20: Improper Input Validation •