CVSS: 9.8EPSS: %CPEs: 1EXPL: 0CVE-2025-34129 – LILIN DVR RCE via Malicious FTP/NTP Configuration
https://notcve.org/view.php?id=CVE-2025-34129
16 Jul 2025 — A command injection vulnerability exists in LILIN LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobo... • https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: %CPEs: 1EXPL: 3CVE-2025-34128 – X360 VideoPlayer ActiveX Control Buffer Overflow via ConvertFile()
https://notcve.org/view.php?id=CVE-2025-34128
16 Jul 2025 — An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 2CVE-2025-34127 – Achat v0.150 SEH Buffer Overflow via UDP
https://notcve.org/view.php?id=CVE-2025-34127
16 Jul 2025 — By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/achat_bof.rb • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 3CVE-2025-34121 – Idera Up.Time ≤ 7.2 post2file.php Arbitrary File Upload RCE
https://notcve.org/view.php?id=CVE-2025-34121
16 Jul 2025 — An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in remote code execution as the web server user. • https://www.vulncheck.com/advisories/idera-uptime-arbitrary-file-upload-rce • CWE-306: Missing Authentication for Critical Function CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: %CPEs: -EXPL: 3CVE-2025-34117 – Netcore / Netis Routers RCE via UDP Port 53413 Backdoor
https://notcve.org/view.php?id=CVE-2025-34117
16 Jul 2025 — A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. ... An unauthenticated remote attacker can send specially crafted UDP packets to execute arbitrary commands on the affected device. • https://www.vulncheck.com/advisories/netcore-netis-routers-backdoor-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-306: Missing Authentication for Critical Function CWE-912: Hidden Functionality •
CVSS: 7.5EPSS: %CPEs: 1EXPL: 0CVE-2025-37105
https://notcve.org/view.php?id=CVE-2025-37105
16 Jul 2025 — An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04877en_us •
CVSS: 10.0EPSS: %CPEs: 6EXPL: 0CVE-2025-20337 – Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-20337
16 Jul 2025 — A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.7EPSS: %CPEs: 2EXPL: 0CVE-2025-20284 – Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-20284
16 Jul 2025 — A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. ... A successful exploit could allow the attacker to execute commands as the root user. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.7EPSS: %CPEs: 2EXPL: 0CVE-2025-20283 – Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-20283
16 Jul 2025 — A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. ... A successful exploit could allow the attacker to execute commands as the root user. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 0CVE-2025-53937 – WeGIA has SQL Injection (Blind Time-Based) Vulnerability in `cargo` Parameter on `control.php` Endpoint
https://notcve.org/view.php?id=CVE-2025-53937
16 Jul 2025 — A SQL Injection vulnerability was identified in the `/controle/control.php` endpoint, specifically in the `cargo` parameter, of WeGIA prior to version 3.4.5. A SQL Injection vulnerability was identified in the `/controle/control.php` endpoint, specifically in the `cargo` parameter, of WeGIA prior to version 3.4.5. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability... • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-j3qv-v3m7-73pj • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •