CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0NotCVE-2023-0001 – Secure Boot Bypass in MSM8916/APQ8016 Mobile SoC
https://notcve.org/view.php?id=NotCVE-2023-0001
16 Nov 2023 — A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check. • https://cyberintel.es/cve/notCVE-2023-0001/ • CWE-1247: Improper Protection Against Voltage and Clock Glitches •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2024-12649
https://notcve.org/view.php?id=CVE-2024-12649
28 Jan 2025 — Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. • https://canon.jp/support/support-info/250127vulnerability-response • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2024-12648
https://notcve.org/view.php?id=CVE-2024-12648
28 Jan 2025 — Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. • https://canon.jp/support/support-info/250127vulnerability-response • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2024-12647
https://notcve.org/view.php?id=CVE-2024-12647
28 Jan 2025 — Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. • https://canon.jp/support/support-info/250127vulnerability-response • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24159
https://notcve.org/view.php?id=CVE-2025-24159
27 Jan 2025 — An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/122066 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24153
https://notcve.org/view.php?id=CVE-2025-24153
27 Jan 2025 — An app with root privileges may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/122068 •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-48841 – Remote Code Execution (RCE) Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-48841
27 Jan 2025 — Network access can be used to execute arbitrary code with elevated privileges. ... Network access can be used to execute arbitrary code with elevated privileges. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24364 – vaultwarden allows RCE in the admin panel
https://notcve.org/view.php?id=CVE-2025-24364
27 Jan 2025 — Attacker with authenticated access to the vaultwarden admin panel can execute arbitrary code in the system. • https://github.com/dani-garcia/vaultwarden/releases/tag/1.33.0 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24357 – vLLM allows a malicious model RCE by torch.load in hf_model_weights_iterator
https://notcve.org/view.php?id=CVE-2025-24357
27 Jan 2025 — When torch.load loads malicious pickle data, it will execute arbitrary code during unpickling. • https://github.com/vllm-project/vllm/commit/d3d6bb13fb62da3234addf6574922a4ec0513d04 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24367 – Cacti allows Arbitrary File Creation leading to RCE
https://notcve.org/view.php?id=CVE-2025-24367
27 Jan 2025 — An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. • https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 • CWE-144: Improper Neutralization of Line Delimiters •