
CVE-2025-25270 – Remote Code Execution via Unauthenticated Configuration Manipulation
https://notcve.org/view.php?id=CVE-2025-25270
08 Jul 2025 — An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations. • https://certvde.com/de/advisories/VDE-2025-019 • CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVE-2025-42967 – Code Injection vulnerability in SAP S/4HANA and SAP SCM (Characteristic Propagation)
https://notcve.org/view.php?id=CVE-2025-42967
08 Jul 2025 — SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application. • https://me.sap.com/notes/3618955 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-53540 – CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-53540
07 Jul 2025 — This allows an attacker to upload and execute arbitrary firmware, resulting in remote code execution (RCE). This vulnerability is fixed in 3.2.1. • https://github.com/espressif/arduino-esp32/commit/f4fdecc60c465384e465a4b1d2bd1eac8f67912e • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-53536 – Roo Code allows Potential Remote Code Execution via .vscode/settings.json
https://notcve.org/view.php?id=CVE-2025-53536
07 Jul 2025 — Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. • https://github.com/RooCodeInc/Roo-Code/commit/1be6fce1a6864ae63e8160b0666db2c647f2dbba • CWE-552: Files or Directories Accessible to External Parties •

CVE-2025-6746 – WoodMart <= 8.2.3 - Authenticated (Contributor+) Local File Inclusion
https://notcve.org/view.php?id=CVE-2025-6746
07 Jul 2025 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php files can be uploaded and included. • https://themeforest.net/item/woodmart-woocommerce-wordpress-theme/20264492 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-7327 – Widget for Google Reviews <= 1.0.15 - Authenticated (Subscriber+) Directory Traversal to Local File Inclusion
https://notcve.org/view.php?id=CVE-2025-7327
07 Jul 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3316262%40business-reviews-wp%2Ftrunk&old=3201057%40business-reviews-wp%2Ftrunk&sfp_email=&sfph_mail= • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-32023 – Redis allows out of bounds writes in hyperloglog commands leading to RCE
https://notcve.org/view.php?id=CVE-2025-32023
07 Jul 2025 — From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. • https://github.com/leesh3288/CVE-2025-32023 • CWE-680: Integer Overflow to Buffer Overflow •

CVE-2025-45479
https://notcve.org/view.php?id=CVE-2025-45479
07 Jul 2025 — Insufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting crafted content into a container. • https://github.com/YX-hueimie/CVE-Issues/blob/main/CVE-2025-45479.md •

CVE-2025-6812 – Parallels Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-6812
07 Jul 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppServer service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. •

CVE-2025-7223 – INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7223
07 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •