CVSS: 6.5EPSS: %CPEs: 1EXPL: 0CVE-2025-0134 – Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VM
https://notcve.org/view.php?id=CVE-2025-0134
14 May 2025 — A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM. • https://security.paloaltonetworks.com/CVE-2025-0134 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.9EPSS: %CPEs: 1EXPL: 0CVE-2025-47782 – motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
https://notcve.org/view.php?id=CVE-2025-47782
14 May 2025 — In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as motionEye run user, `motion` by default. • https://github.com/motioneye-project/motioneye/issues/3142 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.6EPSS: %CPEs: 1EXPL: 0CVE-2025-47777 – 5ire Client Vulnerable to Cross-Site Scripting (XSS) and Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2025-47777
14 May 2025 — This, in turn, can lead to Remote Code Execution (RCE) via unsafe Electron protocol handling and exposed Electron APIs. • https://positive.security/blog/url-open-rce • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 0CVE-2025-3917 – 百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.0.6 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-3917
14 May 2025 — The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47292 – Cap Collectif vulnerable to insecure deserialization leading to remote code execution
https://notcve.org/view.php?id=CVE-2025-47292
14 May 2025 — Exploitation of this vulnerability can lead to Remote Code Execution. • https://github.com/cap-collectif/cap-collectif/commit/812f2a7d271b76deab1175bdaf2be0b8102dd198 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24780 – Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function
https://notcve.org/view.php?id=CVE-2024-24780
14 May 2025 — Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. ... Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. • https://lists.apache.org/thread/xphtm98v3zsk9vlpfh481m1ry2ctxvmj • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3053 – UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.07 - Authenticated (Subscriber+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-3053
14 May 2025 — The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the uip_process_form_input() function. This is due to the function taking user supplied inputs to execute arbitrary functions with arbitrary data, and does not have any sort of capability check. This makes it possible for authenticated attackers, with Subscriber-level access and above, to... • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: -EPSS: 0%CPEs: -EXPL: 1CVE-2025-47916 – Invision Community 5.0.6 Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-47916
14 May 2025 — Invision Community versions 5.0.0 through 5.0.6 suffer from a customCss related remote code execution vulnerability. • https://packetstorm.news/files/id/192096 •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-43565 – ColdFusion | Incorrect Authorization (CWE-863)
https://notcve.org/view.php?id=CVE-2025-43565
13 May 2025 — ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed. • https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html • CWE-863: Incorrect Authorization •
CVSS: 9.4EPSS: 1%CPEs: 1EXPL: 0CVE-2025-43559 – ColdFusion | Improper Input Validation (CWE-20)
https://notcve.org/view.php?id=CVE-2025-43559
13 May 2025 — ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. • https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html • CWE-20: Improper Input Validation •