NotCVE-2023-0001 – Secure Boot Bypass in MSM8916/APQ8016 Mobile SoC
https://notcve.org/view.php?id=NotCVE-2023-0001
16 Nov 2023 — A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check. • https://cyberintel.es/cve/notCVE-2023-0001/ • CWE-1247: Improper Protection Against Voltage and Clock Glitches •
CVE-2024-13091 – WPBot Pro Wordpress Chatbot <= 13.5.4 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-13091
21 Jan 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-51092 – LibreNMS Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-51092
20 Jan 2025 — An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Those two defects combined then allows to inject arbitrary OS commands inside shell_exec() calls, thus achieving arbitrary code execution. • https://packetstorm.news/files/id/188748 •
CVE-2025-0411 – 7-Zip Mark-of-the-Web Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-0411
19 Jan 2025 — An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. •
CVE-2025-23209 – Potential RCE with a compromised security key in craft/cms
https://notcve.org/view.php?id=CVE-2025-23209
18 Jan 2025 — This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. • https://craftcms.com/knowledge-base/securing-craft#keep-your-secrets-secret • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2025-21606 – Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats
https://notcve.org/view.php?id=CVE-2025-21606
17 Jan 2025 — An attacker can exploit this vulnerability to modify the hardware settings of the user’s device and execute arbitrary code with root privileges. • https://github.com/exelban/stats/commit/c10759f7a186efdd82ddd818dae2ac1f853691fc • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2024-13503 – Stack-Based Buffer Overflow in Newtec's update signaling causes RCE
https://notcve.org/view.php?id=CVE-2024-13503
17 Jan 2025 — A stack buffer buffer overflow in the swdownload binary allows attackers to execute arbitrary code. ... A stack buffer buffer overflow in the swdownload binary allows attackers to execute arbitrary code. • https://doi.org/10.1145/3643833.3656139 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-12703
https://notcve.org/view.php?id=CVE-2024-12703
17 Jan 2025 — CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. ... CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-06.pdf • CWE-502: Deserialization of Untrusted Data •
CVE-2024-12476
https://notcve.org/view.php?id=CVE-2024-12476
17 Jan 2025 — CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool. CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on t... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-04.pdf • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2024-11139
https://notcve.org/view.php?id=CVE-2024-11139
17 Jan 2025 — CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow local attackers to exploit these issues to potentially execute arbitrary code when opening a malicious project file. ... CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow local attackers to exploit these issues to potentially execute arbitrary code when opening a malicious project file. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-09&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-09.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •