
CVE-2025-34107 – WinaXe 7.7 FTP Client Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2025-34107
15 Jul 2025 — When the client connects to a remote FTP server and receives an overly long '220 Server Ready' response, the vulnerable component responsible for parsing the banner overflows a stack buffer, leading to arbitrary code execution under the context of the user. • http://hyp3rlinx.altervista.org/advisories/WINAXE-FTP-CLIENT-REMOTE-BUFFER-OVERFLOW.txt • CWE-121: Stack-based Buffer Overflow •

CVE-2025-34106 – PDF Shaper v3.5/3.6 Buffer Overflow via Convert to Image Feature
https://notcve.org/view.php?id=CVE-2025-34106
15 Jul 2025 — An attacker can exploit this vulnerability by tricking a user into opening a maliciously crafted PDF file, leading to arbitrary code execution under the context of the user. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/shaper_pdf_bof.rb • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-34109 – Panda Security PSEvents.exe Insecure DLL Loading Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-34109
15 Jul 2025 — An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/panda_psevents.rb • CWE-427: Uncontrolled Search Path Element •

CVE-2025-34105 – DiskBoss Enterprise Stack-Based Buffer Overflow RCE
https://notcve.org/view.php?id=CVE-2025-34105
15 Jul 2025 — By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/diskboss_get_bof.rb • CWE-20: Improper Input Validation; CWE-787: Out-of-bounds Write •

CVE-2025-34108 – Disk Pulse Enterprise 9.0.34 Login Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2025-34108
15 Jul 2025 — Successful exploitation allows arbitrary code execution with SYSTEM privileges. • https://advisories.checkpoint.com/defense/advisories/public/2017/cpai-2017-0006.html • CWE-20: Improper Input Validation; CWE-121: Stack-based Buffer Overflow •

CVE-2025-53890 – pyLoad vulnerable to remote code execution through js2py onCaptchaResult
https://notcve.org/view.php?id=CVE-2025-53890
14 Jul 2025 — pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system remote code execution. Commit 909e5c97885237530d1264cfceb5555870eb9546, the patch for the issue, is included ... • https://github.com/pyload/pyload/commit/909e5c97885237530d1264cfceb5555870eb9546 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-53836 – XWiki Rendering is vulnerable to RCE attacks when processing nested macros
https://notcve.org/view.php?id=CVE-2025-53836
14 Jul 2025 — XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc.) into another syntax (XHTML, etc.). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricted attribute of the transformation context when executing nested macros. This allows executing macros that are normally forbidden in restricted mode, in particular script macros. The cache and chart macros that a... • https://github.com/xwiki/xwiki-rendering/commit/c73fa3ccd4ac59057e48e5d4325f659e78e8f86d • CWE-94: Improper Control of Generation of Code ('Code Injection'); CWE-863: Incorrect Authorization •

CVE-2025-53623 – Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class
https://notcve.org/view.php?id=CVE-2025-53623
14 Jul 2025 — The Job Iteration API is an extension for ActiveJob that makes jobs interruptible and resumable. Versions prior to 1.11.0 have an arbitrary code execution vulnerability in the `CsvEnumerator` class. • https://github.com/Shopify/job-iteration/commit/1a7adfdd041105a5e45e774cadc6b973a292ba55 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-7519 – Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write
https://notcve.org/view.php?id=CVE-2025-7519
14 Jul 2025 — This issue can lead to a crash or other unexpected behavior, and arbitrary code execution cannot be ruled out. • https://access.redhat.com/security/cve/CVE-2025-7519 • CWE-787: Out-of-bounds Write •

CVE-2025-7601 – PHPGurukul Online Library Management System student-history.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-7601
14 Jul 2025 — A vulnerability has been found in PHPGurukul Online Library Management System 3.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/student-history.php. The manipulation of the argument stdid leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/f1rstb100d/myCVE/issues/142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-94: Improper Control of Generation of Code ('Code Injection') •