CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-20284 – Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-20284
16 Jul 2025 — A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. ... An attacker can leverage this vulnerability to execute code in the context of the iseadminportal user. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-20283 – Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-20283
16 Jul 2025 — A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. ... An attacker can leverage this vulnerability to execute code in the context of the iseadminportal user. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.4EPSS: 1%CPEs: 1EXPL: 0CVE-2025-7712 – Madara - Core <= 2.2.3 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-7712
16 Jul 2025 — The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wp_manga_delete_zip() function in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://mangabooth.com/product/wp-manga-theme-madara • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-34300 – Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE
https://notcve.org/view.php?id=CVE-2025-34300
16 Jul 2025 — Exploitation allows an unauthenticated attacker can execute arbitrary commands. ... Exploitation allows an unauthenticated attacker can execute arbitrary commands. • https://slcyber.io/assetnote-security-research-center/rce-in-the-most-popular-survey-software-youve-never-heard-of • CWE-20: Improper Input Validation CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7673
https://notcve.org/view.php?id=CVE-2025-7673
16 Jul 2025 — A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request. • https://www.zyxel.com/service-provider/global/en/zyxel-security-advisory-remote-code-execution-and-denial-service-vulnerabilities-cpe • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: -EPSS: 0%CPEs: -EXPL: 2CVE-2025-52367 – PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2025-52367
16 Jul 2025 — PivotX version 3.0.0 RC3 suffers from a persistent cross site scripting vulnerability that can assist an attacker in achieving remote code execution once privileges are escalated. • https://packetstorm.news/files/id/207138 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5396 – Bears Backup <= 2.0.0 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-5396
16 Jul 2025 — The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. ... This makes it possible for unauthenticated attackers to execute code on the server which can be leverage to inject backdoors or create new administrative user accounts to name a few things. • https://themeforest.net/item/alone-charity-multipurpose-nonprofit-wordpress-theme/15019939 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49828 – Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-49828
15 Jul 2025 — Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution An authenticated attacker who can inject secrets or templates into the Secrets Manager, Self-Hosted database could take advantage of an exposed API endpoint to execute arbitrary Ruby code within the Secrets Manager process. • https://github.com/cyberark/conjur/releases/tag/v1.21.2 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-41239 – vSockets information-disclosure vulnerability
https://notcve.org/view.php?id=CVE-2025-41239
15 Jul 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of VMCI. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the host. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877 • CWE-908: Use of Uninitialized Resource •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6043 – Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-6043
15 Jul 2025 — The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 16.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possible. This makes it possible for authenticated attackers, with Subscriber-level ... • https://plugins.trac.wordpress.org/browser/wp-malware-removal/tags/16.8/wpmr.php#L4570 • CWE-862: Missing Authorization •