
CVSS: 7.8 • EPSS: % • CPEs: 4 • EXPL: 0

19 Dec 2025 — An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code. • https://www.foxit.com/support/security-bulletins.html • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.8 • EPSS: % • CPEs: 4 • EXPL: 0

19 Dec 2025 — When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code. • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: % • CPEs: 4 • EXPL: 0

19 Dec 2025 — A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code. • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: % • CPEs: 4 • EXPL: 0

19 Dec 2025 — When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code. • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •

CVSS: - • EPSS: % • CPEs: 1 • EXPL: 1

19 Dec 2025 — The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. ... This leads to remote code execution. • https://wpscan.com/vulnerability/710de342-6fb9-47bd-a40b-7b74fc3c181b •

CVSS: 9.3 • EPSS: % • CPEs: 4 • EXPL: 0

19 Dec 2025 — An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027 • CWE-787: Out-of-bounds Write •

CVSS: 8.7 • EPSS: % • CPEs: - • EXPL: 0

19 Dec 2025 — A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file. • https://kibty.town/blog/mintlify • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVSS: 9.1 • EPSS: % • CPEs: 1 • EXPL: 0

18 Dec 2025 — Weblate is a web-based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue. • https://github.com/WeblateOrg/weblate/pull/17330 • CWE-20: Improper Input Validation • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.3 • EPSS: % • CPEs: 1 • EXPL: 0

18 Dec 2025 — .//' in Microsoft Purview allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64676 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: % • CPEs: 1 • EXPL: 0

18 Dec 2025 — Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65037 • CWE-94: Improper Control of Generation of Code ('Code Injection') •