
CVE-2012-10062 – XAMPP WebDAV PHP Upload Authentication Bypass RCE
https://notcve.org/view.php?id=CVE-2012-10062
30 Aug 2025 — A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. ... This permits attackers to upload a malicious PHP payload and trigger its execution via a subsequent GET request, resulting in remote code execution on the server. • https://www.vulncheck.com/advisories/xampp-webdav-php-upload-auth-bypass-rce • CWE-306: Missing Authentication for Critical Function CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2010-10017 – WM Downloader 3.1.2.2 Buffer Overflow via Malformed M3U File
https://notcve.org/view.php?id=CVE-2010-10017
30 Aug 2025 — The application fails to properly validate input length, allowing an attacker to overwrite structured exception handler (SEH) records and execute arbitrary code. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/wm_downloader_m3u.rb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-134: Use of Externally-Controlled Format String •

CVE-2009-20010 – Dogfood CRM spell.php RCE
https://notcve.org/view.php?id=CVE-2009-20010
30 Aug 2025 — This allows attackers to inject arbitrary shell commands and execute them on the server. • https://www.vulncheck.com/advisories/dogfood-crm-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2009-20011 – ContentKeeper Web Appliance < 125.10 RCE via mimencode
https://notcve.org/view.php?id=CVE-2009-20011
30 Aug 2025 — The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as the Apache user. • https://www.vulncheck.com/advisories/contentkeeper-web-appliance-rce-via-mimencode • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2005-10004 – Cacti graph_view.php RCE via graph_start Parameter Injection
https://notcve.org/view.php?id=CVE-2005-10004
30 Aug 2025 — This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity. • https://www.vulncheck.com/advisories/cacti-graph-view-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2009-20009 – Belkin Bulldog Plus Web Service Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-20009
30 Aug 2025 — When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to properly validate the input length before copying it into a fixed-size buffer, resulting in memory corruption and potential remote code execution. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/belkin_bulldog.rb • CWE-121: Stack-based Buffer Overflow •

CVE-2008-20001 – activePDF WebGrabber ActiveX Control Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-20001
30 Aug 2025 — By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/activepdf_webgrabber.rb • CWE-121: Stack-based Buffer Overflow •

CVE-2025-58159 – WeGIA Authenticated Arbitrary File Upload Leading To Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2025-58159
29 Aug 2025 — Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. ... Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-wj2c-237g-cgqp • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-9377 – Authenticated RCE via Parental Control command injection
https://notcve.org/view.php?id=CVE-2025-9377
29 Aug 2025 — The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. • https://www.tp-link.com/us/support/faq/4365 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-29894 – Qsync Central
https://notcve.org/view.php?id=CVE-2025-29894
29 Aug 2025 — An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 (2025/04/23) and later. • https://www.qnap.com/en/security-advisory/qsa-25-22 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •