CVSS: 9.6EPSS: %CPEs: -EXPL: 0CVE-2025-6514 – OS command injection in mcp-remote when connecting to untrusted MCP servers
https://notcve.org/view.php?id=CVE-2025-6514
09 Jul 2025 — mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL • https://jfrog.com/blog/2025-6514-critical-mcp-remote-rce-vulnerability • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2025-34083 – WordPress AIT CSV Import/Export Plugin ≤ 3.0.3 Unauthenticated RCE
https://notcve.org/view.php?id=CVE-2025-34083
09 Jul 2025 — The plugin exposes an upload handler at upload-handler.php that allows arbitrary file upload via a multipart/form-data POST request. This endpoint does not enforce authentication or content-type validation, enabling attackers to upload malicious PHP code directly to the server. • https://vulncheck.com/advisories/wordpress-ait-csv-import-export-plugin-rce • CWE-20: Improper Input Validation CWE-306: Missing Authentication for Critical Function CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2025-34077 – WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE
https://notcve.org/view.php?id=CVE-2025-34077
09 Jul 2025 — An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. ... Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server. • https://vulncheck.com/advisories/wordpress-pie-register-plugin-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-306: Missing Authentication for Critical Function CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2025-34085 – WordPress Simple File List Plugin < 4.2.3 Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-34085
09 Jul 2025 — An unrestricted file upload vulnerability in the WordPress Simple File List plugin prior to version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. • https://vulncheck.com/advisories/wordpress-simple-file-list-plugin-rce • CWE-306: Missing Authentication for Critical Function CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47098 – InCopy | Access of Uninitialized Pointer (CWE-824)
https://notcve.org/view.php?id=CVE-2025-47098
08 Jul 2025 — InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/incopy/apsb25-59.html • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47097 – InCopy | Integer Underflow (Wrap or Wraparound) (CWE-191)
https://notcve.org/view.php?id=CVE-2025-47097
08 Jul 2025 — InCopy versions 20.3, 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/incopy/apsb25-59.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47099 – InCopy | Heap-based Buffer Overflow (CWE-122)
https://notcve.org/view.php?id=CVE-2025-47099
08 Jul 2025 — InCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/incopy/apsb25-59.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47126 – Adobe Framemaker | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2025-47126
08 Jul 2025 — Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/framemaker/apsb25-66.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47128 – Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191)
https://notcve.org/view.php?id=CVE-2025-47128
08 Jul 2025 — Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/framemaker/apsb25-66.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47131 – Adobe Framemaker | Heap-based Buffer Overflow (CWE-122)
https://notcve.org/view.php?id=CVE-2025-47131
08 Jul 2025 — Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/framemaker/apsb25-66.html • CWE-122: Heap-based Buffer Overflow •