CVSS: 8.1EPSS: %CPEs: 1EXPL: 0CVE-2025-31132 – Raven allows Remote Code Execution due to improper validation
https://notcve.org/view.php?id=CVE-2025-31132
01 Apr 2025 — A vulnerability allowed any logged in user to execute code via an API endpoint. • https://github.com/The-Commit-Company/raven/security/advisories/GHSA-wmrr-3mrv-2p57 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2025-1660 – DWFX File Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2025-1660
01 Apr 2025 — A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2025-1659 – DWFX File Parsing Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2025-1659
01 Apr 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2025-1658 – DWFX File Parsing Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2025-1658
01 Apr 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30065 – Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
https://notcve.org/view.php?id=CVE-2025-30065
01 Apr 2025 — Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue. • https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2025-30911 – WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability
https://notcve.org/view.php?id=CVE-2025-30911
01 Apr 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. • https://patchstack.com/database/wordpress/plugin/rometheme-for-elementor/vulnerability/wordpress-romethemekit-for-elementor-plugin-1-5-4-arbitrary-plugin-installation-activation-to-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3051 – Linux::Statm::Tiny for Perl allows untrusted code to be included from the current working directory
https://notcve.org/view.php?id=CVE-2025-3051
01 Apr 2025 — Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Linux::Statm::Tiny uses Mite to produce the affected code section due to CVE-2025-30672 • https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30673 – Sub::HandlesVia for Perl allows untrusted code to be included from the current working directory
https://notcve.org/view.php?id=CVE-2025-30673
01 Apr 2025 — Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672 • https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30672 – Mite for Perl generates code with an untrusted search path vulnerability
https://notcve.org/view.php?id=CVE-2025-30672
01 Apr 2025 — Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself, and other distributions that contain code generated by Mite. • https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html • CWE-427: Uncontrolled Search Path Element •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-11235 – Ubuntu Security Notice USN-7400-1
https://notcve.org/view.php?id=CVE-2024-11235
01 Apr 2025 — An attacker could possibly use this issue to cause a crash or execute arbitrary code. ... An attacker could possibly use this issue to cause a crash or execute arbitrary code. ... An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. •