CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30878 – WordPress JS Help Desk plugin <= 2.9.2 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-30878
27 Mar 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-9-2-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30910 – WordPress CM Download Manager plugin <= 2.9.6 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-30910
27 Mar 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/wordpress/plugin/cm-download-manager/vulnerability/wordpress-cm-download-manager-plugin-2-9-6-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-30911 – WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability
https://notcve.org/view.php?id=CVE-2025-30911
27 Mar 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. ... This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins on the affected site's server which may make remote code execution possible. WordPress RomethemeKit For Elementor plugin versions 1.5.4 and below suffer from an authenticated arbitrary plugin installa... • https://patchstack.com/database/wordpress/plugin/rometheme-for-elementor/vulnerability/wordpress-romethemekit-for-elementor-plugin-1-5-4-arbitrary-plugin-installation-activation-to-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-20229 – Remote Code Execution through file upload to “$SPLUNK_HOME/var/run/splunk/apptemp“ directory in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20229
26 Mar 2025 — In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks. • https://advisory.splunk.com/advisories/SVD-2025-0301 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2837 – Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2837
26 Mar 2025 — Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. ... An attacker can leverage this vulnerability to execute code in the context of the device. • https://community.silabs.com/a45Vm0000000Atp • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-29322
https://notcve.org/view.php?id=CVE-2025-29322
26 Mar 2025 — A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and Rename Connection pages. • https://github.com/simalamuel/Research/tree/main/CVE-2025-29322 •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 2CVE-2024-55963 – AppSmith 1.47 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-55963
26 Mar 2025 — AppSmith version 1.4.7 suffers from a remote code execution vulnerability. • https://packetstorm.news/files/id/190267 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41643
https://notcve.org/view.php?id=CVE-2024-41643
26 Mar 2025 — An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate attacker to execute arbitrary code via the cshell login component. • https://gavpherk.github.io/GavinKelsey • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-55964 – Appsmith Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-55964
26 Mar 2025 — An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. ... An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. • https://rhinosecuritylabs.com/research/cve-2024-55963-unauthenticated-rce-in-appsmith • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47516 – Pagure: argument injection in pagurerepo.log()
https://notcve.org/view.php?id=CVE-2024-47516
25 Mar 2025 — An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance. • https://access.redhat.com/security/cve/CVE-2024-47516 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •