CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7503
https://notcve.org/view.php?id=CVE-2025-7503
11 Jul 2025 — This vulnerability allows for remote code execution and privilege escalation. • https://github.com/AounShAh/Research-on-v380-cctv-ip-camera • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6423 – BeeTeam368 Extensions <= 2.3.5 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-6423
11 Jul 2025 — This makes it possible for authenticated attackers with Subscriber-level access or higher to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/96170b82-6ed9-4a52-8592-944163cdd3cf?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30023
https://notcve.org/view.php?id=CVE-2025-30023
11 Jul 2025 — The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. • https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf • CWE-502: Deserialization of Untrusted Data •
CVSS: -EPSS: 0%CPEs: -EXPL: 1CVE-2025-25257 – FortiWeb SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-25257
https://packetstorm.news/files/id/206268 •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2790 – G DATA Total Security GDTunerSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2790
11 Jul 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the GDTunerSvc service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6057 – WPBookit <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-6057
11 Jul 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/wpbookit/trunk/core/admin/classes/controllers/class.wpb-profile-controller.php#L85 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6058 – WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-6058
11 Jul 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/wpbookit/trunk/core/admin/classes/controllers/class.wpb-booking-type-controller.php#L455 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-7222 – Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7222
11 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53515 – Advantech iView SQL Injection
https://notcve.org/view.php?id=CVE-2025-53515
10 Jul 2025 — A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). ... Certain input parameters are not sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52577 – Advantech iView SQL Injection
https://notcve.org/view.php?id=CVE-2025-52577
10 Jul 2025 — A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). ... Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •