CVSS: 8.1EPSS: %CPEs: 1EXPL: 0CVE-2025-6691 – SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Submission Deletion
https://notcve.org/view.php?id=CVE-2025-6691
08 Jul 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • CWE-73: External Control of File Name or Path •
CVSS: 7.5EPSS: %CPEs: 1EXPL: 0CVE-2025-6742 – SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated PHP Object Injection (PHAR) Triggered via Admin Submission Deletion
https://notcve.org/view.php?id=CVE-2025-6742
08 Jul 2025 — If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: %CPEs: 2EXPL: 0CVE-2025-0928 – Arbitrary executable upload via authenticated endpoint
https://notcve.org/view.php?id=CVE-2025-0928
08 Jul 2025 — This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution. • https://github.com/juju/juju/security/advisories/GHSA-4vc8-wvhw-m5gv • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: %CPEs: 1EXPL: 0CVE-2025-47988 – Azure Monitor Agent Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-47988
08 Jul 2025 — Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47988 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: %CPEs: 26EXPL: 0CVE-2025-49742 – Windows Graphics Component Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49742
08 Jul 2025 — Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49742 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: %CPEs: 17EXPL: 0CVE-2025-49729 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49729
08 Jul 2025 — Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49729 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: %CPEs: 13EXPL: 0CVE-2025-49724 – Windows Connected Devices Platform Service Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49724
08 Jul 2025 — Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49724 • CWE-416: Use After Free •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2025-49714 – Visual Studio Code Python Extension Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49714
08 Jul 2025 — Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49714 • CWE-501: Trust Boundary Violation •
CVSS: 7.8EPSS: %CPEs: 1EXPL: 0CVE-2025-49705 – Microsoft PowerPoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49705
08 Jul 2025 — Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49705 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: %CPEs: 2EXPL: 0CVE-2025-49704 – Microsoft SharePoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49704
08 Jul 2025 — Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704 • CWE-94: Improper Control of Generation of Code ('Code Injection') •