CVSS: 6.5 • EPSS: % • CPEs: 1 • EXPL: 0
CVE-2025-64995 – Privilege Escalation via Process Hijacking in 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction
https://notcve.org/view.php?id=CVE-2025-64995
11 Dec 2025 — Improper protection of the execution path on the local device allows attackers, with local access to the device during execution, to hijack the process and execute arbitrary code with SYSTEM privileges. • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5 • EPSS: % • CPEs: 1 • EXPL: 0
CVE-2025-64994 – Privilege Escalation via Uncontrolled Search Path in 1E-Nomad-SetWorkRate instruction
https://notcve.org/view.php?id=CVE-2025-64994
11 Dec 2025 — The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate privileges and execute arbitrary code as SYSTEM. • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.8 • EPSS: % • CPEs: 3 • EXPL: 0
CVE-2025-66474 – XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection
https://notcve.org/view.php?id=CVE-2025-66474
10 Dec 2025 — Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against {{/html}} injection, which attackers can exploit to achieve RCE. Any user who can edit their own profile or any other document can execute arbitrary script macros, including Groovy and Python macros, which enable remote code execution as well as unrestricted read and write access to all wiki contents. • https://github.com/xwiki/xwiki-platform/commit/12b780ccd5bca5fc8f74f46648d7e02fa04fbc11 • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 8.8 • EPSS: % • CPEs: 1 • EXPL: 1
CVE-2024-58283 – WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload
https://notcve.org/view.php?id=CVE-2024-58283
10 Dec 2025 — WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter. • https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8 • EPSS: % • CPEs: 1 • EXPL: 1
CVE-2024-58282 – Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload
https://notcve.org/view.php?id=CVE-2024-58282
10 Dec 2025 — Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. • https://www.vulncheck.com/advisories/serendipity-remote-code-execution-via-authenticated-media-upload • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.7 • EPSS: % • CPEs: 1 • EXPL: 1
CVE-2024-58281 – Dotclear 2.29 Remote Code Execution via Authenticated File Upload
https://notcve.org/view.php?id=CVE-2024-58281
10 Dec 2025 — Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. • https://www.vulncheck.com/advisories/dotclear-remote-code-execution-via-authenticated-file-upload • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.6 • EPSS: % • CPEs: 1 • EXPL: 1
CVE-2024-58280 – CMSimple 5.15 Remote Command Execution via Extensions Configuration
https://notcve.org/view.php?id=CVE-2024-58280
10 Dec 2025 — CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server. • https://www.vulncheck.com/advisories/cmsimple-remote-command-execution-via-extensions-configuration • CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') •
CVSS: 8.6 • EPSS: % • CPEs: 1 • EXPL: 1
CVE-2024-58279 – appRain CMF 4.0.5 Authenticated Remote Code Execution via Filemanager Upload
https://notcve.org/view.php?id=CVE-2024-58279
10 Dec 2025 — appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. • https://www.vulncheck.com/advisories/apprain-cmf-authenticated-remote-code-execution-via-filemanager-upload • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.3 • EPSS: % • CPEs: 1 • EXPL: 1
CVE-2020-36897 – QiHang Media Web Digital Signage 3.0.9 Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-36897
10 Dec 2025 — QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write and execute arbitrary system commands on the server. • https://www.vulncheck.com/advisories/qihang-media-web-digital-signage-unauthenticated-remote-code-execution • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.3 • EPSS: % • CPEs: 1 • EXPL: 1
CVE-2020-36885 – Sony IPELA Network Camera 1.82.01 Remote Stack Buffer Overflow via ftpclient.cgi
https://notcve.org/view.php?id=CVE-2020-36885
10 Dec 2025 — Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality, potentially causing remote code execution or denial of service. • https://www.vulncheck.com/advisories/sony-ipela-network-camera-remote-stack-buffer-overflow-via-ftpclientcgi • CWE-787: Out-of-bounds Write •
