CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0NotCVE-2023-0001 – Secure Boot Bypass in MSM8916/APQ8016 Mobile SoC
https://notcve.org/view.php?id=NotCVE-2023-0001
16 Nov 2023 — A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check. • https://cyberintel.es/cve/notCVE-2023-0001/ • CWE-1247: Improper Protection Against Voltage and Clock Glitches •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-23114
https://notcve.org/view.php?id=CVE-2025-23114
05 Feb 2025 — A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. • https://www.veeam.com/kb4712 •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-25246
https://notcve.org/view.php?id=CVE-2025-25246
05 Feb 2025 — NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users. • https://kb.netgear.com/000066558/Security-Advisory-for-Unauthenticated-RCE-on-Some-WiFi-Routers-PSV-2023-0039 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53963 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-53963
04 Feb 2025 — Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53965 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-53965
04 Feb 2025 — Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2023-39943 – Ashlar-Vellum Cobalt, Xenon, Argon, Lithium Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2023-39943
04 Feb 2025 — An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03 • CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2023-40222 – Ashlar-Vellum Cobalt, Xenon, Argon, Lithium Heap-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-40222
04 Feb 2025 — An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03 • CWE-122: Heap-based Buffer Overflow •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13723 – Checkmk NagVis Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-13723
04 Feb 2025 — The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP. • https://checkmk.com/werks?version=2.3.0p10 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8125 – A remote code vulnerability has been discovered in OpenText™ Content Management.
https://notcve.org/view.php?id=CVE-2024-8125
04 Feb 2025 — A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code execution attack on the target system. • https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0834058 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24964 – Remote Code Execution when accessing a malicious website while Vitest API server is listening
https://notcve.org/view.php?id=CVE-2025-24964
04 Feb 2025 — Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking (CSWSH) attacks. ... An attacker can execute arbitrary code by injecting a code in a test file by the `saveTestFile` API and then running that file by calling the `rerun` API. This vulnerability can result in remote code execution for users that are using Vitest s... • https://github.com/vitest-dev/vitest/blob/9a581e1c43e5c02b11e2a8026a55ce6a8cb35114/packages/vitest/src/api/setup.ts#L32-L46 • CWE-1385: Missing Origin Validation in WebSockets •