CVSS: 10.0EPSS: %CPEs: -EXPL: 0CVE-2025-34028 – Commvault Command Center Innovation Release Unathenticated Path Traversal
https://notcve.org/view.php?id=CVE-2025-34028
22 Apr 2025 — A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. • https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.6EPSS: %CPEs: 1EXPL: 0CVE-2025-23251
https://notcve.org/view.php?id=CVE-2025-23251
22 Apr 2025 — NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5641 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: %CPEs: 1EXPL: 0CVE-2025-23249
https://notcve.org/view.php?id=CVE-2025-23249
22 Apr 2025 — NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5641 • CWE-502: Deserialization of Untrusted Data •
CVSS: -EPSS: %CPEs: -EXPL: 0CVE-2024-40445
https://notcve.org/view.php?id=CVE-2024-40445
22 Apr 2025 — Directory Traversal vulnerability in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted file upload • https://github.com/Oefenweb/mimetex/blob/master/mimetex.c#L12414-L12423 •
CVSS: -EPSS: %CPEs: -EXPL: 0CVE-2024-40446
https://notcve.org/view.php?id=CVE-2024-40446
22 Apr 2025 — An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script • https://youtu.be/S3cmZkWIi6o •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3616 – Greenshift 11.4 - 11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-3616
21 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/0db4671e-1989-44a4-babe-ed699c7f3a52?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-3837 – Improper Input Validation vulnerability in the End of Life (EOL) OVA based connect component
https://notcve.org/view.php?id=CVE-2025-3837
21 Apr 2025 — Under certain circumstances, an actor can manipulate a specific request parameter and inject code execution payload which could lead to a remote code execution on the infrastructure hosting this component. • https://saviynt.com/trust-compliance-security • CWE-20: Improper Input Validation •
CVSS: 9.2EPSS: 0%CPEs: -EXPL: 0CVE-2025-0632 – Local File Inclusion (LFI) leading to sensitive data exposure
https://notcve.org/view.php?id=CVE-2025-0632
21 Apr 2025 — Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. ... This issue affects Rock Maker Web: from 3.2.1.1 and later Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. • https://www.formulatrix.com/downloads/apps/repository/rockmaker • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.4EPSS: 0%CPEs: -EXPL: 1CVE-2025-28121 – Online Exam Mastering System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2025-28121
21 Apr 2025 — code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedback.php via the "q" parameter allowing remote attackers to execute arbitrary code. • https://code-projects.org/online-exam-mastering-system-php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-29287
https://notcve.org/view.php?id=CVE-2025-29287
21 Apr 2025 — An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file. • http://cms.com • CWE-434: Unrestricted Upload of File with Dangerous Type •