CVE-2025-0960 – AutomationDirect C-more EA9 HMI Classic Buffer Overflow
https://notcve.org/view.php?id=CVE-2025-0960
04 Feb 2025 — AutomationDirect C-more EA9 HMI contains a function whose bounds checks can be skipped, which an attacker could abuse to cause a denial-of-service condition or achieve remote code execution on the affected device. • https://community.automationdirect.com/s/cybersecurity/security-advisories • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2025-24966 – HTML Injection in reNgine
https://notcve.org/view.php?id=CVE-2025-24966
04 Feb 2025 — HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. ... Attackers can execute unauthorized actions, steal sensitive information, or trick users into performing harmful actions. • https://github.com/yogeshojha/rengine/security/advisories/GHSA-4phc-m2wm-p8x6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2025-24971 – OS Command Injection endpoint '/upload/init' parameter 'filename' (RCE) in DumbDrop
https://notcve.org/view.php?id=CVE-2025-24971
04 Feb 2025 — This vulnerability could allow an attacker to execute arbitrary code remotely when Apprise notification is enabled. • https://github.com/DumbWareio/DumbDrop/commit/4ff8469d69019d200046a67d326f51703bc4da63 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2025-0364 – BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE
https://notcve.org/view.php?id=CVE-2025-0364
04 Feb 2025 — BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. ... Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution. • https://vulncheck.com/advisories/big-ant-upload-rce • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-23690 – EOL Netgear FVS336v3 Telnet Configuration Backup Command Injection
https://notcve.org/view.php?id=CVE-2024-23690
04 Feb 2025 — An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted "util backup_configuration" commands. • https://vulncheck.com/advisories/netgear-fvs336g-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2025-24677 – WordPress Post/Page Copying Tool to Export and Import post/page for Cross site Migration Plugin <= 2.0.3 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-24677
04 Feb 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page Copying Tool allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/postpage-import-export-with-custom-fields-taxonomies/vulnerability/wordpress-post-page-copying-tool-to-export-and-import-post-page-for-cross-site-migration-plugin-2-0-3-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2025-22206 – Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.2 for Joomla
https://notcve.org/view.php?id=CVE-2025-22206
04 Feb 2025 — A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers with administrator privileges to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature. • https://joomsky.com/js-jobs-joomla • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2025-22204 – Extension - regularlabs.com - Remote code execution vulnerability in the Sourcerer extensions < 12.0.0 for Joomla
https://notcve.org/view.php?id=CVE-2025-22204
04 Feb 2025 — Improper control of generation of code in the Sourcerer extension for Joomla in versions before 11.0.0 leads to a remote code execution vulnerability. • https://regularlabs.com/sourcerer • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2025-20890
https://notcve.org/view.php?id=CVE-2025-20890
04 Feb 2025 — Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVE-2025-20888
https://notcve.org/view.php?id=CVE-2025-20888
04 Feb 2025 — Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •