
CVE-2025-49302 – WordPress Easy Stripe <= 1.1 - Remote Code Execution (RCE) Vulnerability
https://notcve.org/view.php?id=CVE-2025-49302
04 Jul 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/easy-stripe/vulnerability/wordpress-easy-stripe-1-1-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-52718 – WordPress Alone <= 7.8.2 - Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-52718
04 Jul 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/theme/alone/vulnerability/wordpress-alone-7-8-2-arbitrary-code-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-27358 – WordPress Frontend File Manager plugin <= 23.2 - Content Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-27358
04 Jul 2025 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mndpsingh287 Frontend File Manager allows Code Injection. This issue affects Frontend File Manager: from n/a through 23.2. • https://patchstack.com/database/wordpress/plugin/wp-file-manager/vulnerability/wordpress-frontend-file-manager-plugin-23-2-content-injection-vulnerability?_s_id=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVE-2025-7053 – Cockpit save cross site scripting
https://notcve.org/view.php?id=CVE-2025-7053
04 Jul 2025 — A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting. The attack may be initiated remotely. • https://github.com/Cockpit-HQ/Cockpit/commit/bdcd5e3bc651c0839c7eea807f3eb6af856dbc76 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-43711
https://notcve.org/view.php?id=CVE-2025-43711
04 Jul 2025 — Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications. • https://tunnelblick.net/cCVE-2025-43711.html • CWE-459: Incomplete Cleanup •

CVE-2025-5691 – WordPress Migration, Backup, Staging – WPvivid Backup and Migration 0.9.116 Shell Upload
https://notcve.org/view.php?id=CVE-2025-5691
04 Jul 2025 — WordPress Migration, Backup, Staging – WPvivid Backup and Migration plugin versions 0.9.116 and below are vulnerable to arbitrary file uploads due to missing file type validation in the wpvivid_upload_import_files function. This allows authenticated attackers (Administrator-level and above) to upload arbitrary files to the server, potentially enabling remote code execution. • https://packetstorm.news/files/id/205244 •

CVE-2025-34089 – Remote for Mac Unauthenticated Remote Code Execution via AppleScript Injection
https://notcve.org/view.php?id=CVE-2025-34089
03 Jul 2025 — An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. ... This allows unauthenticated remote attackers to inject arbitrary AppleScript payloads via the X-Script HTTP header, resulting in code execution using do shell script. Successful exploitation grants attackers the ability to run arbitrary commands on the macOS host with the privile... • https://vulncheck.com/advisories/remote-for-mac-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-306: Missing Authentication for Critical Function •

CVE-2025-34087 – Pi-Hole AdminLTE Whitelist (now 'Web Allowlist') Remote Command Execution
https://notcve.org/view.php?id=CVE-2025-34087
03 Jul 2025 — An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via the web interface, the domain parameter is not properly sanitized, allowing an attacker to append OS commands to the domain string. These commands are executed on the underlying operating system with the privileges of the Pi-hole service user. This behavior was present in the legacy AdminLTE interface and has since been patched in later versions. Existe una vulnerabilidad de inyec... • https://vulncheck.com/advisories/pihole-adminlte-whitelist-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-34088 – Pandora FMS Authenticated Remote Code Execution via Ping Module
https://notcve.org/view.php?id=CVE-2025-34088
03 Jul 2025 — An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. • https://vulncheck.com/advisories/pandora-fms-rce-via-ping • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-34082 – IGEL OS Secure Terminal and Secure Shadow Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-34082
03 Jul 2025 — An unauthenticated attacker with network access to a vulnerable device can inject arbitrary commands, leading to remote code execution with elevated privileges. • https://kb.igel.com/security-safety/current/isn-2021-01-igel-os-remote-command-execution-vulne • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •