CVSS: 9.2EPSS: %CPEs: -EXPL: 0CVE-2025-30085 – Extension - rsjoomla.com - Remote code execution vulnerability in RSForm!
https://notcve.org/view.php?id=CVE-2025-30085
11 Jun 2025 — Remote code execution vulnerability in RSForm! • https://rsjoomla.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: %CPEs: 1EXPL: 0CVE-2025-5012 – Workreap <= 3.3.2 - Authenticated (Subscriber+) Arbitrary File Upload via 'workreap_temp_upload_to_media'
https://notcve.org/view.php?id=CVE-2025-5012
11 Jun 2025 — The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreap_temp_upload_to_media' function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454#item-description__release-3-3-3-06-june-2025 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: %CPEs: 1EXPL: 0CVE-2025-6002 – VirtueMart - Unrestricted File Upload
https://notcve.org/view.php?id=CVE-2025-6002
11 Jun 2025 — Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execution or other security impacts depending on server configuration. • https://blog.blacklanternsecurity.com/p/doomla-zero-days • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.3EPSS: %CPEs: 1EXPL: 0CVE-2025-49148 – ClipShare Server Allows Local Privilege Escalation via DLL Hijacking
https://notcve.org/view.php?id=CVE-2025-49148
11 Jun 2025 — A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. • https://github.com/thevindu-w/clip_share_server/security/advisories/GHSA-rc47-h83g-2r8j • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1244 – Remote code execution and local privilege escalation due to UNC access and NetNTLMv2 hash theft
https://notcve.org/view.php?id=CVE-2024-1244
11 Jun 2025 — This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. • https://pentraze.com • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path •
CVSS: 9.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1243 – Remote code execution and local privilege escalation in Wazuh Windows agent via NetNTLMv2 hash theft
https://notcve.org/view.php?id=CVE-2024-1243
11 Jun 2025 — This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. • https://github.com/wazuh/wazuh/security/advisories/GHSA-3crh-39qv-fxj7 • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5959
https://notcve.org/view.php?id=CVE-2025-5959
11 Jun 2025 — Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-30399 – dotnet: .NET Remote Code Vulnerability
https://notcve.org/view.php?id=CVE-2025-30399
11 Jun 2025 — A remote code execution vulnerability in .NET 8.0 and 9.0. An attacker who can place malicious files in specific locations may trigger unintended code execution when the .NET runtime loads these files. ... An attacker could possibly use this issue to execute arbitrary code. • https://access.redhat.com/security/cve/CVE-2025-30399 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49091
https://notcve.org/view.php?id=CVE-2025-49091
11 Jun 2025 — KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. ... In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code. • https://invent.kde.org/utilities/konsole/-/commit/09d20dea109050b4c02fb73095f327b5642a2b75 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-5475 – Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-5475
11 Jun 2025 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. ... An attacker can leverage this vulnerability to execute code in the context of the elysian-bt-service process. •