NotCVE-2023-0003 – RSA signature verification bypass via Arbitrary Code Execution in Sansa Connect bootloader
https://notcve.org/view.php?id=NotCVE-2023-0003
06 Dec 2023 — Attacker can supply image that combined with specific MPI length leads to Arbitrary Code Execution via overwritten return address on stack. • https://github.com/desowin/zsitool/blob/master/exploit.md • CWE-121: Stack-based Buffer Overflow •
NotCVE-2023-0001 – Secure Boot Bypass in MSM8916/APQ8016 Mobile SoC
https://notcve.org/view.php?id=NotCVE-2023-0001
16 Nov 2023 — A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check. • https://cyberintel.es/cve/notCVE-2023-0001/ • CWE-1247: Improper Protection Against Voltage and Clock Glitches •
CVE-2024-13091 – WPBot Pro Wordpress Chatbot <= 13.5.4 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-13091
21 Jan 2025 — The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-54794
https://notcve.org/view.php?id=CVE-2024-54794
21 Jan 2025 — The script input feature of SpagoBI 3.5.1 allows arbitrary code execution. • https://github.com/MarioTesoro/CVE-2024-54794 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2025-0581 – CampCodes School Management Software Chat History send cross site scripting
https://notcve.org/view.php?id=CVE-2025-0581
20 Jan 2025 — A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. This affects an unknown part of the file /chat/group/send of the component Chat History. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/KhukuriRimal/Vulnerabilities/blob/main/CampCodes%20-%20Stored%20Cross%20Site%20Scripting-%20Account%20Takeover%20Possibility.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2025-0586 – aEnrich Technology a+HRD - Insecure Deserialization
https://notcve.org/view.php?id=CVE-2025-0586
20 Jan 2025 — The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution. • https://www.twcert.org.tw/en/cp-139-8375-59abd-2.html • CWE-502: Deserialization of Untrusted Data •
CVE-2025-0578 – Facile Sistemas Cloud Apps Password Reset forgotpassword cross site scripting
https://notcve.org/view.php?id=CVE-2025-0578
20 Jan 2025 — A vulnerability was found in Facile Sistemas Cloud Apps up to 20250107. It has been classified as problematic. Affected is an unknown function of the file /account/forgotpassword of the component Password Reset Handler. The manipulation of the argument reterros leads to cross site scripting. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.292596 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-51092 – LibreNMS Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-51092
20 Jan 2025 — Those two defects combined then allows to inject arbitrary OS commands inside shell_exec() calls, thus achieving arbitrary code execution. • https://packetstorm.news/files/id/188748 •
CVE-2025-0576 – Mobotix M15 player cross site scripting
https://notcve.org/view.php?id=CVE-2025-0576
19 Jan 2025 — A vulnerability was found in Mobotix M15 4.3.4.83 and classified as problematic. This issue affects some unknown processing of the file /control/player?center&eventlist&pda&dummy_for_reload=1736177631&p_evt. The manipulation of the argument p_qual leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?ctiid.292541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2025-0411 – 7-Zip Mark-of-the-Web Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-0411
19 Jan 2025 — An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. •