
CVE-2025-39538 – WordPress WP-Advanced-Search <= 3.3.9.3 - Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-39538
16 Apr 2025 — The WP-Advanced-Search plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.3.9.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/wp-advanced-search/vulnerability/wordpress-wp-advanced-search-3-3-9-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-39557 – WordPress Kadence WooCommerce Email Designer plugin <= 1.5.14 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-39557
16 Apr 2025 — The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.5.14. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/kadence-woocommerce-email-designer/vulnerability/wordpress-kadence-woocommerce-email-designer-plugin-1-5-14-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-39601 – WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability
https://notcve.org/view.php?id=CVE-2025-39601
16 Apr 2025 — Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote Code Inclusion. ... This makes it possible for unauthenticated attackers to inject arbitrary code via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. WordPress Custom CSS, JS and PHP versions 2.4.1 and below suffer from a cross-site request forgery vulnerability that leads to remote code execution. • https://patchstack.com/database/wordpress/plugin/custom-css/vulnerability/wordpress-custom-css-js-php-plugin-2-4-1-csrf-to-rce-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-1274 – RCS File Parsing Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-1274
15 Apr 2025 — A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0007 • CWE-787: Out-of-bounds Write •

CVE-2025-1277 – PDF File Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2025-1277
15 Apr 2025 — A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-1656 – PDF File Parsing Heap-based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-1656
15 Apr 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-1273 – PDF File Parsing Heap-Based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-1273
15 Apr 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-2497 – DWG File Parsing Stack-Based Buffer Vulnerability
https://notcve.org/view.php?id=CVE-2025-2497
15 Apr 2025 — A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0005 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-1276 – DWG File Parsing Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-1276
15 Apr 2025 — A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0004 • CWE-787: Out-of-bounds Write •

CVE-2025-1275 – JPG File Parsing Heap-Based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-1275
15 Apr 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0006 • CWE-122: Heap-based Buffer Overflow •