NotCVE-2023-0001 – Secure Boot Bypass in MSM8916/APQ8016 Mobile SoC
https://notcve.org/view.php?id=NotCVE-2023-0001
16 Nov 2023 — A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check. • https://cyberintel.es/cve/notCVE-2023-0001/ • CWE-1247: Improper Protection Against Voltage and Clock Glitches •
CVE-2024-13091 – WPBot Pro Wordpress Chatbot <= 13.5.4 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-13091
21 Jan 2025 — The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2025-0428 – AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts
https://notcve.org/view.php?id=CVE-2025-0428
21 Jan 2025 — If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • CWE-502: Deserialization of Untrusted Data •
CVE-2025-0429 – AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms
https://notcve.org/view.php?id=CVE-2025-0429
21 Jan 2025 — If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • CWE-502: Deserialization of Untrusted Data •
CVE-2025-23220 – WeGIA has a SQL Injection endpoint 'adicionar_raca.php' parameter 'raca'
https://notcve.org/view.php?id=CVE-2025-23220
20 Jan 2025 — A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_raca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. • https://github.com/LabRedesCefetRJ/WeGIA/commit/1739e1589948a207b8a82b9bfe078cb826d420de • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2025-23219 – WeGIA has a SQL Injection endpoint 'adicionar_cor.php' parameter 'cor'
https://notcve.org/view.php?id=CVE-2025-23219
20 Jan 2025 — A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. • https://github.com/LabRedesCefetRJ/WeGIA/commit/ae9c859006143bd0087b3e6e48a0677e1fff5c7e • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2025-23218 – WeGIA has a SQL Injection endpoint 'adicionar_especie.php' parameter 'especie'
https://notcve.org/view.php?id=CVE-2025-23218
20 Jan 2025 — A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_especie.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. • https://github.com/LabRedesCefetRJ/WeGIA/commit/7465f785651c0cff65059bba96b015ab54235de4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-51092 – LibreNMS Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-51092
20 Jan 2025 — Those two defects combined then allow injecting arbitrary OS commands inside shell_exec() calls, thus achieving arbitrary code execution. • https://packetstorm.news/files/id/188748 •
CVE-2024-10936 – String Locator <= 2.6.6 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-10936
20 Jan 2025 — If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • https://plugins.trac.wordpress.org/browser/string-locator/trunk/includes/Extension/SearchReplace/Replace/class-sql.php#L170 • CWE-502: Deserialization of Untrusted Data •
CVE-2025-0411 – 7-Zip Mark-of-the-Web Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-0411
19 Jan 2025 — An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. •