CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3425 – Unauthenticated Remote Code Execution via .NET Deserialization
https://notcve.org/view.php?id=CVE-2025-3425
07 Apr 2025 — After analyzing the configuration files, we observed that the server had set the TypeFilterLevel to Full which is dangerous as it can potentially lead to remote code execution using deserialization. • https://www.cve.org/CVERecord?id=CVE-2025-3425 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2004 – Simple WP Events <= 1.8.17 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-2004
07 Apr 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/simple-wp-events/trunk/admin/includes/wp-events-export-events.php#L399 • CWE-73: External Control of File Name or Path •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3248 – Langflow Unauth RCE
https://notcve.org/view.php?id=CVE-2025-3248
07 Apr 2025 — Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. • https://github.com/langflow-ai/langflow/pull/6911 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2251 – Org.jboss.eap:wildfly-ejb3: improper deserialization in jboss marshalling allows remote code execution
https://notcve.org/view.php?id=CVE-2025-2251
07 Apr 2025 — A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. ... This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication. • https://access.redhat.com/security/cve/CVE-2025-2251 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30473 – Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection
https://notcve.org/view.php?id=CVE-2025-30473
07 Apr 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow Common SQL Provider. ... Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow Common SQL Provider. • https://github.com/apache/airflow/pull/48098 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-20654
https://notcve.org/view.php?id=CVE-2025-20654
07 Apr 2025 — This could lead to remote code execution with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29481
https://notcve.org/view.php?id=CVE-2025-29481
07 Apr 2025 — Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. • https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29482
https://notcve.org/view.php?id=CVE-2025-29482
07 Apr 2025 — Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265. • https://github.com/lmarch2/poc/blob/main/libheif/libheif.md •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2760 – GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2760
07 Apr 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2761 – GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2761
07 Apr 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •