
CVSS: 9.8 • EPSS: % • CPEs: - • EXPL: 0

14 Oct 2025 — ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3747693852734546826 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 • EPSS: % • CPEs: - • EXPL: 0

13 Oct 2025 — Path traversal in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Oct 2025 — Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-10424-4e42c-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Oct 2025 — SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server. • https://www.twcert.org.tw/en/cp-139-10422-e06c3-2.html • CWE-912: Hidden Functionality

CVSS: 9.0 • EPSS: 0% • CPEs: - • EXPL: 0

13 Oct 2025 — An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute arbitrary code on the user's machine. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9976 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Oct 2025 — An attacker can use this information to exploit known vulnerabilities and launch targeted attacks, such as remote code execution or denial of service. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124422 • CWE-209: Generation of Error Message Containing Sensitive Information • CWE-703: Improper Check or Handling of Exceptional Conditions

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Oct 2025 — This makes it possible for unauthenticated attackers to delete all files in an arbitrary directory on the server, which can lead to remote code execution, data loss, or site unavailability. • https://codecanyon.net/item/woocommerce-designer-pro-cmyk-card-flyer/22027731 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Oct 2025 — Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE (Remote Code Execution) attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted JavaScript code within the Happy DOM VM Context, it may escape the VM and get access to process level functionality. ... This may not be obvious to the consumer of Happy DOM and can potentially put the user at risk if untrusted code is executed with... • https://github.com/capricorn86/happy-dom/commit/819d15ba289495439eda8be360d92a614ce22405 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.3 • EPSS: 0% • CPEs: - • EXPL: 0

10 Oct 2025 — Improper access control in Routines prior to version 4.8.7.1 in Android 15 and 4.9.6.0 in Android 16 allows local attackers to potentially execute arbitrary code with SystemUI privilege. • https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10

CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Oct 2025 — Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10