
CVE-2025-4657
https://notcve.org/view.php?id=CVE-2025-4657
17 Jul 2025 — A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker with elevated privileges to execute arbitrary code. • https://iknow.lenovo.com.cn/detail/430155 • CWE-122: Heap-based Buffer Overflow •

CVE-2024-41921 – Unsafe use of eval() method in rostopic echo tool
https://notcve.org/view.php?id=CVE-2024-41921
17 Jul 2025 — A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. ... This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. • https://www.ros.org/blog/noetic-eol • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVE-2024-41148 – Unsafe use of eval() method in rostopic hz tool
https://notcve.org/view.php?id=CVE-2024-41148
17 Jul 2025 — A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. ... This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. • https://www.ros.org/blog/noetic-eol • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVE-2025-23266
https://notcve.org/view.php?id=CVE-2025-23266
17 Jul 2025 — NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. • https://nvidia.custhelp.com/app/answers/detail/a_id/5659 • CWE-426: Untrusted Search Path •

CVE-2025-7643 – Attachment Manager <= 2.1.2 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-7643
17 Jul 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://wordpress.org/plugins/attachment-manager • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-53928 – MaxKB has RCE in MCP call
https://notcve.org/view.php?id=CVE-2025-53928
17 Jul 2025 — Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. • https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-47356
https://notcve.org/view.php?id=CVE-2023-47356
17 Jul 2025 — Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the log_type parameter at /log/fw_security.mds. • https://gist.github.com/night-0p/8d414bfef1cb16539da67e122d91e8da •

CVE-2025-53867
https://notcve.org/view.php?id=CVE-2025-53867
17 Jul 2025 — Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL. • http://www.webbatch.com •

CVE-2025-6222 – WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet <= 3.2.6 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-6222
17 Jul 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/woocommerce-refund-and-exchange/17810207#item-description__changelog • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-7438 – MasterStudy LMS – Online Courses, eLearning PRO Plus <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-7438
17 Jul 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/1ab970f5-35d1-43e9-891c-87a2a3e464c6?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •