
CVE-2024-54449 – Remote Code Execution (RCE) via Arbitrary File Write In Document API
https://notcve.org/view.php?id=CVE-2024-54449
14 Mar 2025 — This can be used to facilitate RCE. An account with ‘read’ and ‘write’ privileges on at least one existing document in the application is required to exploit the vulnerability. ... This can be used to facilitate RCE. An account with ‘read’ and ‘write’ privileges on at least one existing document in the application is required to exploit the vulnerability. • https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html • CWE-23: Relative Path Traversal •

CVE-2024-54448 – Remote Code Execution (RCE) via Automation Scripting
https://notcve.org/view.php?id=CVE-2024-54448
14 Mar 2025 — The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting is needed to carry out the attack. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC. The Automation Scripting functionality can be exploited by at... • https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-45588
https://notcve.org/view.php?id=CVE-2023-45588
14 Mar 2025 — An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. • https://fortiguard.com/psirt/FG-IR-23-345 • CWE-73: External Control of File Name or Path •

CVE-2025-2000 – Qiskit SDK code execution
https://notcve.org/view.php?id=CVE-2025-2000
14 Mar 2025 — A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload. • https://www.ibm.com/support/pages/node/7185949 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-27593 – RCE due to Device Driver
https://notcve.org/view.php?id=CVE-2025-27593
14 Mar 2025 — The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF • CWE-494: Download of Code Without Integrity Check •

CVE-2024-29409
https://notcve.org/view.php?id=CVE-2024-29409
14 Mar 2025 — File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header. • https://gist.github.com/aydinnyunus/801342361584d1491c67a820a714f53f •

CVE-2025-29384
https://notcve.org/view.php?id=CVE-2025-29384
14 Mar 2025 — In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. • https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/AdvSetMacMtuWan1.md •

CVE-2025-29385
https://notcve.org/view.php?id=CVE-2025-29385
14 Mar 2025 — In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. • https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/AdvSetMacMtuWan3.md •

CVE-2025-29386
https://notcve.org/view.php?id=CVE-2025-29386
14 Mar 2025 — In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. • https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/AdvSetMacMtuWan4.md •

CVE-2025-29387
https://notcve.org/view.php?id=CVE-2025-29387
14 Mar 2025 — In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. • https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/AdvSetMacMtuWan2.md •