CVSS: 9.0EPSS: %CPEs: -EXPL: 0CVE-2025-22457
https://notcve.org/view.php?id=CVE-2025-22457
03 Apr 2025 — A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. • https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: %CPEs: 1EXPL: 1CVE-2025-3161 – Tenda AC10 ShutdownSetAdd stack-based overflow
https://notcve.org/view.php?id=CVE-2025-3161
03 Apr 2025 — A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/LxxxtSec/CVE/blob/main/CVE_1.md#vulnerability-proof-supplement-remote-code-execution-rce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.9EPSS: %CPEs: 1EXPL: 0CVE-2025-2945 – pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
https://notcve.org/view.php?id=CVE-2025-2945
03 Apr 2025 — Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution. • https://github.com/pgadmin-org/pgadmin4/issues/8603 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31477 – Improper Scope Validation in the open Endpoint of tauri-plugin-shell
https://notcve.org/view.php?id=CVE-2025-31477
02 Apr 2025 — Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. ... By passing untrusted user input to the open endpoint these potentially dangerous protocols can be abused to gain remote code execution on the system. This either requires direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application. • https://github.com/tauri-apps/plugins-workspace/commit/9cf0390a52497e273db1a1b613a0e26827aa327c • CWE-20: Improper Input Validation •
CVSS: 0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31286
https://notcve.org/view.php?id=CVE-2025-31286
02 Apr 2025 — An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 4.8EPSS: 0%CPEs: 164EXPL: 0CVE-2025-20203
https://notcve.org/view.php?id=CVE-2025-20203
02 Apr 2025 — An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-GSScPGY4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 162EXPL: 0CVE-2025-20120
https://notcve.org/view.php?id=CVE-2025-20120
02 Apr 2025 — An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-GSScPGY4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31722
https://notcve.org/view.php?id=CVE-2025-31722
02 Apr 2025 — In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. • https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3505 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-39780 – Use of unsafe yaml load in dynparam
https://notcve.org/view.php?id=CVE-2024-39780
02 Apr 2025 — Through this flaw, a local or remote user can craft and execute arbitrary Python code. • https://github.com/ros/dynamic_reconfigure/pull/202 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29062
https://notcve.org/view.php?id=CVE-2025-29062
02 Apr 2025 — An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice. • https://www.yuque.com/jichujiliangdanwei/vwbq9e/grfgkm2kvk6btwbp • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •