CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-54449 – Remote Code Execution (RCE) via Arbitrary File Write In Document API
https://notcve.org/view.php?id=CVE-2024-54449
14 Mar 2025 — This can be used to facilitate RCE. ... This can be used to facilitate RCE. • https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html • CWE-23: Relative Path Traversal •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-54448 – Remote Code Execution (RCE) via Automation Scripting
https://notcve.org/view.php?id=CVE-2024-54448
14 Mar 2025 — The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting is needed to carry out the attack. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC. The Automation Scripting functionality can be exploited by at... • https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45588
https://notcve.org/view.php?id=CVE-2023-45588
14 Mar 2025 — An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. • https://fortiguard.com/psirt/FG-IR-23-345 • CWE-73: External Control of File Name or Path •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2000 – Qiskit SDK code execution
https://notcve.org/view.php?id=CVE-2025-2000
14 Mar 2025 — A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. • https://www.ibm.com/support/pages/node/7185949 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0CVE-2025-27593 – RCE due to Device Driver
https://notcve.org/view.php?id=CVE-2025-27593
14 Mar 2025 — The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF • CWE-494: Download of Code Without Integrity Check •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-29409
https://notcve.org/view.php?id=CVE-2024-29409
14 Mar 2025 — File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header. • https://gist.github.com/aydinnyunus/801342361584d1491c67a820a714f53f •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-1652 – MODEL File Parsing Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2025-1652
13 Mar 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-1651 – MODEL File Parsing Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-1651
13 Mar 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-1650 – CATPRODUCT File Parsing Uninitialized Variable Vulnerability
https://notcve.org/view.php?id=CVE-2025-1650
13 Mar 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001 • CWE-457: Use of Uninitialized Variable •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-1649 – CATPRODUCT File Parsing Uninitialized Variable Vulnerability
https://notcve.org/view.php?id=CVE-2025-1649
13 Mar 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001 • CWE-457: Use of Uninitialized Variable •