CVE-2025-24958 – SQL Injection endpoint 'salvar_tag.php' parameter 'id_tag' in WeGIA
https://notcve.org/view.php?id=CVE-2025-24958
03 Feb 2025 — A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_tag.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-2mhx-5998-46hx • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-20634
https://notcve.org/view.php?id=CVE-2025-20634
03 Feb 2025 — This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-787: Out-of-bounds Write
CVE-2024-11132 – Eventer <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
https://notcve.org/view.php?id=CVE-2024-11132
03 Feb 2025 — This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://codecanyon.net/item/eventer-wordpress-event-manager-plugin/20972534 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12859 – BoomBox Theme Extensions <= 1.8.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode
https://notcve.org/view.php?id=CVE-2024-12859
03 Feb 2025 — This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP file types can be uploaded and included. • https://documentation.px-lab.com/boombox/changelog • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-57099
https://notcve.org/view.php?id=CVE-2024-57099
03 Feb 2025 — ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server. • https://github.com/ClassCMS/ClassCMS/issues/6 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2025-25181
https://notcve.org/view.php?id=CVE-2025-25181
03 Feb 2025 — A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter. • https://advantive.my.site.com/support/s/knowledge • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-0899 – PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-0899
31 Jan 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. ... An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2025-0901 – PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-0901
31 Jan 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. ... An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2025-0902 – PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0902
31 Jan 2025 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
CVE-2025-0903 – PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-0903
31 Jan 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. ... An attacker can leverage this vulnerability to execute code in the context of the current process.