
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 6

27 Jan 2025 — Network access can be used to execute arbitrary code with elevated privileges. ... ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/users/password endpoint. • https://packetstorm.news/files/id/188963 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Jan 2025 — Attacker with authenticated access to the vaultwarden admin panel can execute arbitrary code in the system. • https://github.com/dani-garcia/vaultwarden/releases/tag/1.33.0 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Jan 2025 — When torch.load loads malicious pickle data, it will execute arbitrary code during unpickling. • https://github.com/vllm-project/vllm/commit/d3d6bb13fb62da3234addf6574922a4ec0513d04 • CWE-502: Deserialization of Untrusted Data

CVSS: 7.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

27 Jan 2025 — These vulnerabilities may result in arbitrary code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/dependency-on-vulnerable-third-party-component-exposes-vulnerabi.html • CWE-1395: Dependency on Vulnerable Third-Party Component

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Jan 2025 — An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. • https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 • CWE-144: Improper Neutralization of Line Delimiters

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Jan 2025 — When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. • https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Jan 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://themeforest.net/item/qwery-multipurpose-business-wordpress-theme/29678687 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.1 • EPSS: 0% • CPEs: - • EXPL: 0

27 Jan 2025 — Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 (4778) and before allows an attacker to execute arbitrary code via a crafted payload to the fontMatrix component. • https://github.com/VuDuc09/vuln_research/tree/main/CVE-2024-48662 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jan 2025 — A remote attacker could use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. ... If a user or automated system were tricked into running xmllint on a specially crafted xml file, a remote attacker could cause xmllint to crash, resulting in a denial of service. • https://github.com/php/php-src/issues/17467 • CWE-416: Use After Free

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Jan 2025 — A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. • https://www.ibm.com/support/pages/node/7172787 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer