CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1NotCVE-2023-0003 – RSA signature verification bypass via Arbitrary Code Execution in Sansa Connect bootloader
https://notcve.org/view.php?id=NotCVE-2023-0003
06 Dec 2023 — Attacker can supply image that combined with specific MPI length leads to Arbitrary Code Execution via overwritten return address on stack. • https://github.com/desowin/zsitool/blob/master/exploit.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0NotCVE-2023-0001 – Secure Boot Bypass in MSM8916/APQ8016 Mobile SoC
https://notcve.org/view.php?id=NotCVE-2023-0001
16 Nov 2023 — A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check. • https://cyberintel.es/cve/notCVE-2023-0001/ • CWE-1247: Improper Protection Against Voltage and Clock Glitches •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24364 – vaultwarden allows RCE in the admin panel
https://notcve.org/view.php?id=CVE-2025-24364
27 Jan 2025 — Attacker with authenticated access to the vaultwarden admin panel can execute arbitrary code in the system. • https://github.com/dani-garcia/vaultwarden/releases/tag/1.33.0 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24357 – vLLM allows a malicious model RCE by torch.load in hf_model_weights_iterator
https://notcve.org/view.php?id=CVE-2025-24357
27 Jan 2025 — When torch.load loads malicious pickle data, it will execute arbitrary code during unpickling. • https://github.com/vllm-project/vllm/commit/d3d6bb13fb62da3234addf6574922a4ec0513d04 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-12740 – Dependency on Vulnerable Third-Party Component exposes Vulnerabilities in NI Vision Software
https://notcve.org/view.php?id=CVE-2024-12740
27 Jan 2025 — These vulnerabilities may result in arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/dependency-on-vulnerable-third-party-component-exposes-vulnerabi.html • CWE-1395: Dependency on Vulnerable Third-Party Component •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24367 – Cacti allows Arbitrary File Creation leading to RCE
https://notcve.org/view.php?id=CVE-2025-24367
27 Jan 2025 — An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. • https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 • CWE-144: Improper Neutralization of Line Delimiters •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22604 – Cacti has Authenticated RCE via multi-line SNMP responses
https://notcve.org/view.php?id=CVE-2025-22604
27 Jan 2025 — When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. • https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24814 – Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files
https://notcve.org/view.php?id=CVE-2025-24814
27 Jan 2025 — Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files ... • https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13448 – ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data
https://notcve.org/view.php?id=CVE-2024-13448
27 Jan 2025 — The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0721 – needyamin image_gallery view.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-0721
26 Jan 2025 — A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.293481 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •