CVE-2025-20882
https://notcve.org/view.php?id=CVE-2025-20882
04 Feb 2025 — Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVE-2025-20881
https://notcve.org/view.php?id=CVE-2025-20881
04 Feb 2025 — Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVE-2024-48445 – Compop Online Mall 3.5.3 Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-48445
04 Feb 2025 — An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters. • https://packetstorm.news/files/id/188996 •
CVE-2025-0413 – Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-0413
04 Feb 2025 — An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. ... By creating a symbolic link, an attacker can abuse the service to change the permissions of arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute ... • https://kb.parallels.com/130212 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2025-1028 – Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload
https://notcve.org/view.php?id=CVE-2025-1028
04 Feb 2025 — The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible in specific configurations where the first extension is processed over the final. • https://plugins.trac.wordpress.org/changeset?old_path=/contact-manager/tags/8.6.4&new_path=/contact-manager/tags/8.6.5&sfp_email=&sfph_mail= • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2025-24901 – SQL Injection endpoint 'deletar_permissao.php' parameter 'c', 'a', 'r' in WeGIA
https://notcve.org/view.php?id=CVE-2025-24901
03 Feb 2025 — A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_permissao.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jp48-94wm-3gmc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2025-24902 – SQL Injection endpoint 'salvar_cargo.php' parameter 'id_cargo' in WeGIA
https://notcve.org/view.php?id=CVE-2025-24902
03 Feb 2025 — A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-pg73-w9vx-8mgp • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2025-24905 – SQL Injection endpoint 'get_codigobarras_cobranca.php' parameter 'codigo' in WeGIA
https://notcve.org/view.php?id=CVE-2025-24905
03 Feb 2025 — A SQL Injection vulnerability was discovered in the WeGIA application, `get_codigobarras_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qjc6-5qv6-fr8m • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2025-24906 – SQL Injection endpoint 'get_detalhes_cobranca.php' parameter 'codigo' in WeGIA
https://notcve.org/view.php?id=CVE-2025-24906
03 Feb 2025 — A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jpph-g9p7-9jrm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2025-24957 – SQL Injection endpoint 'get_detalhes_socio.php' parameter 'id_socio' in WeGIA
https://notcve.org/view.php?id=CVE-2025-24957
03 Feb 2025 — A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_socio.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x28g-6228-99p9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •