CVSS: 8.1 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-11837 – Malware Remover
https://notcve.org/view.php?id=CVE-2025-11837
02 Jan 2026 — An improper control of generation of code vulnerability has been reported to affect Malware Remover. Remote attackers can then exploit the vulnerability to bypass the protection mechanism. • https://www.qnap.com/en/security-advisory/qsa-25-47 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-68619 – Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package
https://notcve.org/view.php?id=CVE-2025-68619
01 Jan 2026 — When npm installs a package, it can automatically execute any `postinstall` script defined in `package.json`, enabling arbitrary code execution. The vulnerability exists because npm's version specifier syntax is extremely flexible, and the SignalK code passes the version parameter directly to npm without sanitization. • https://github.com/SignalK/signalk-server/releases/tag/v2.19.0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-66398 – Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2025-66398
01 Jan 2026 — ., `security.json`, `package.json`), leading to account takeover and Remote Code Execution (RCE). Version 2.19.0 patches this vulnerability. • https://github.com/SignalK/signalk-server/releases/tag/v2.19.0 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-11157 – Arbitrary Code Execution in feast-dev/feast
https://notcve.org/view.php?id=CVE-2025-11157
01 Jan 2026 — A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. • https://github.com/feast-dev/feast/commit/b2e37ff37953b68ae833f6874ab5bc510a4ca5fb • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-69288 – Titra has Remote Code Execution in Admin Functionality
https://notcve.org/view.php?id=CVE-2025-69288
31 Dec 2025 — The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. • https://github.com/kromitgmbh/titra/commit/2e2ac5cbeed47a76720b21c7fde0214a242e065e • CWE-20: Improper Input Validation •
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-68700 – RAGFlow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-68700
31 Dec 2025 — The intended design was to "automatically convert string results into Python objects," but this effectively executes attacker-controlled code. • https://github.com/infiniflow/ragflow/commit/7a344a32f9f83529e12ca12f40f2657eb79fe811 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2021-47747 – meterN 1.2.3 Authenticated Remote Code Execution via Admin Scripts
https://notcve.org/view.php?id=CVE-2021-47747
31 Dec 2025 — meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin_meter2.php and admin_indicator2.php scripts. • https://www.vulncheck.com/advisories/metern-authenticated-remote-code-execution-via-admin-scripts • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-34468 – libcoap Stack-Based Buffer Overflow in Address Resolution DoS or Potential RCE
https://notcve.org/view.php?id=CVE-2025-34468
31 Dec 2025 — A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap). • https://www.vulncheck.com/advisories/libcoap-stack-based-buffer-overflow-in-address-resolution-dos-or-potential-rce • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.1 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2019-25262 – elinicksic Razgover Chat Message send.php cross site scripting
https://notcve.org/view.php?id=CVE-2019-25262
31 Dec 2025 — The attack may be performed from remote. • https://github.com/elinicksic/Razgover/commit/995dd89d0e3ec5522966724be23a5d58ca1bdac3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-15279 – FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-15279
31 Dec 2025 — FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.zerodayinitiative.com/advisories/ZDI-25-1184 • CWE-122: Heap-based Buffer Overflow •
