
CVE-2025-43766
https://notcve.org/view.php?id=CVE-2025-43766
23 Aug 2025 — The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows the upload of unrestricted files in the style books component that are processed within the environment enabling arbitrary code execution by attackers. • https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43766 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2009-10006 – UFO: Alien Invasion <= 2.2.1 IRC Client Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-10006
22 Aug 2025 — This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/ufo_ai.rb • CWE-121: Stack-based Buffer Overflow •

CVE-2022-31491
https://notcve.org/view.php?id=CVE-2022-31491
22 Aug 2025 — Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related to detection of a managed UPS shutting down. An unauthenticated attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence. • https://github.com/ready2disclose/CVE-2022-31491 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-749: Exposed Dangerous Method or Function •

CVE-2024-52786
https://notcve.org/view.php?id=CVE-2024-52786
22 Aug 2025 — An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL. • https://gitee.com/anji-plus/report/issues/IB3ED6 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-287: Improper Authentication •

CVE-2025-55581
https://notcve.org/view.php?id=CVE-2025-55581
22 Aug 2025 — ., via UART or firmware modification) may replace these binaries to achieve persistent arbitrary code execution with root privileges. • https://www.dlink.com/en/security-bulletin • CWE-269: Improper Privilege Management CWE-306: Missing Authentication for Critical Function CWE-494: Download of Code Without Integrity Check •

CVE-2009-20003 – Xenorate <= 2.50 .xpl File Stack-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-20003
21 Aug 2025 — The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/xenorate_xpl_bof.rb • CWE-121: Stack-based Buffer Overflow •

CVE-2010-20114 – VariCAD EN <= 2010-2.05 .dwb File Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-20114
21 Aug 2025 — This flaw can be exploited locally by convincing a user to open a malicious file, resulting in arbitrary code execution. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/varicad_dwb.rb • CWE-121: Stack-based Buffer Overflow •

CVE-2009-20002 – Millenium MP3 Studio <= 2.0 .pls File Stack-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-20002
21 Aug 2025 — The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to craft a malicious .pls file that overwrites the Structured Exception Handler (SEH) and executes arbitrary code. Exploitation • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/millenium_mp3_pls.rb • CWE-121: Stack-based Buffer Overflow •

CVE-2010-20120 – Maple <= v13 Maplet File Creation and Command Execution
https://notcve.org/view.php?id=CVE-2010-20120
21 Aug 2025 — Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction. • https://www.maplesoft.com/products/maple • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2010-20111 – Digital Music Pad <= 8.2.3.3.4 Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-20111
21 Aug 2025 — This flaw may allow an attacker to control execution flow when the file is opened, potentially leading to arbitrary code execution. • https://web.archive.org/web/20100923154433/http://secunia.com:80/advisories/41519 • CWE-121: Stack-based Buffer Overflow •