
CVE-2024-54449 – Remote Code Execution (RCE) via Arbitrary File Write In Document API
https://notcve.org/view.php?id=CVE-2024-54449
14 Mar 2025 — The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with ‘read’ and ‘write’ privileges on at least one existing document in the application is required to exploit the vulnerability. • https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html • CWE-23: Relative Path Traversal •

CVE-2024-54448 – Remote Code Execution (RCE) via Automation Scripting
https://notcve.org/view.php?id=CVE-2024-54448
14 Mar 2025 — The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. • https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-45588
https://notcve.org/view.php?id=CVE-2023-45588
14 Mar 2025 — An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. • https://fortiguard.com/psirt/FG-IR-23-345 • CWE-73: External Control of File Name or Path •

CVE-2025-2000 – Qiskit SDK code execution
https://notcve.org/view.php?id=CVE-2025-2000
14 Mar 2025 — A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A Python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of a specially constructed payload. • https://www.ibm.com/support/pages/node/7185949 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-27593 – RCE due to Device Driver
https://notcve.org/view.php?id=CVE-2025-27593
14 Mar 2025 — The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF • CWE-494: Download of Code Without Integrity Check •

CVE-2024-29409
https://notcve.org/view.php?id=CVE-2024-29409
14 Mar 2025 — File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header. • https://gist.github.com/aydinnyunus/801342361584d1491c67a820a714f53f •

CVE-2025-1652 – MODEL File Parsing Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2025-1652
13 Mar 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001 • CWE-125: Out-of-bounds Read •

CVE-2025-1651 – MODEL File Parsing Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-1651
13 Mar 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-1650 – CATPRODUCT File Parsing Uninitialized Variable Vulnerability
https://notcve.org/view.php?id=CVE-2025-1650
13 Mar 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001 • CWE-457: Use of Uninitialized Variable •

CVE-2025-1649 – CATPRODUCT File Parsing Uninitialized Variable Vulnerability
https://notcve.org/view.php?id=CVE-2025-1649
13 Mar 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001 • CWE-457: Use of Uninitialized Variable •