CVE-2025-24480 – FactoryTalk® View Machine Edition - Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-24480
28 Jan 2025 — A Remote Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to lack of input sanitization and could allow a remote attacker to run commands or code as a high-privileged user. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1719.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2025-23211 – Tandoor Recipes - SSTI - Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-23211
28 Jan 2025 — Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server; with the provided Docker Compose file, the commands run as root. This vulnerability is fixed in 1.5.24. • https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2025-23045 – CVAT allows remote code execution via tracker Nuclio functions
https://notcve.org/view.php?id=CVE-2025-23045
28 Jan 2025 — An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. • https://github.com/cvat-ai/cvat/commit/563e1dfde64b15fa042b23f9d09cd854b35f0366 • CWE-502: Deserialization of Untrusted Data •
CVE-2025-0065 – Improper Neutralization of Argument Delimiters in TeamViewer Clients
https://notcve.org/view.php?id=CVE-2025-0065
28 Jan 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service, which listens on TCP port 5939 by default. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1001 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2024-12649 – Canon imageCLASS MF656Cdw TTF Parsing Write-What-Where Condition Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12649
28 Jan 2025 — Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. ... This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. ... An ... • https://canon.jp/support/support-info/250127vulnerability-response • CWE-787: Out-of-bounds Write •
CVE-2024-12648 – Canon imageCLASS MF656Cdw TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12648
28 Jan 2025 — Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. ... This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. • https://canon.jp/support/support-info/250127vulnerability-response • CWE-787: Out-of-bounds Write •
CVE-2024-12647 – Canon imageCLASS MF656Cdw listObjects2 Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12647
28 Jan 2025 — Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. ... This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. • https://canon.jp/support/support-info/250127vulnerability-response • CWE-787: Out-of-bounds Write •
CVE-2024-57376
https://notcve.org/view.php?id=CVE-2024-57376
28 Jan 2025 — Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to achieve remote code execution. • https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2025-24159 – Apple Security Advisory 01-27-2025-8
https://notcve.org/view.php?id=CVE-2025-24159
27 Jan 2025 — An app may be able to execute arbitrary code with kernel privileges. macOS Sequoia 15.3 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122066 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2025-24153 – Apple Security Advisory 01-27-2025-4
https://notcve.org/view.php?id=CVE-2025-24153
27 Jan 2025 — An app with root privileges may be able to execute arbitrary code with kernel privileges. macOS Sequoia 15.3 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122068 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •