
CVE-2025-3108 – Unsafe Deserialization in JsonPickleSerializer Enables Remote Code Execution in run-llama/llama_index
https://notcve.org/view.php?id=CVE-2025-3108
06 Jul 2025 — This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritizes deserialization using pickle.loads(), which can execute arbitrary code when processing untrusted data. • https://github.com/run-llama/llama_index/commit/702e4340623092fac4cf2fe95eb9465034856da3 • CWE-1112: Incomplete Documentation of Program Execution •

CVE-2025-5333 – Unauthenticated Remote Code Execution in IT Management Suite
https://notcve.org/view.php?id=CVE-2025-5333
06 Jul 2025 — Remote attackers can execute arbitrary code in the context of the vulnerable service process. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35903 •

CVE-2025-49302 – WordPress Easy Stripe <= 1.1 - Remote Code Execution (RCE) Vulnerability
https://notcve.org/view.php?id=CVE-2025-49302
04 Jul 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/easy-stripe/vulnerability/wordpress-easy-stripe-1-1-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-52718 – WordPress Alone <= 7.8.2 - Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-52718
04 Jul 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/theme/alone/vulnerability/wordpress-alone-7-8-2-arbitrary-code-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-43711
https://notcve.org/view.php?id=CVE-2025-43711
04 Jul 2025 — Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications. • https://tunnelblick.net/cCVE-2025-43711.html • CWE-459: Incomplete Cleanup •

CVE-2025-5691 – WordPress Migration, Backup, Staging – WPvivid Backup and Migration 0.9.116 Shell Upload
https://notcve.org/view.php?id=CVE-2025-5691
04 Jul 2025 — This allows authenticated attackers (Administrator-level and above) to upload arbitrary files to the server, potentially enabling remote code execution. • https://packetstorm.news/files/id/205244 •

CVE-2025-34089 – Remote for Mac Unauthenticated Remote Code Execution via AppleScript Injection
https://notcve.org/view.php?id=CVE-2025-34089
03 Jul 2025 — An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. ... This allows unauthenticated remote attackers to inject arbitrary AppleScript payloads via the X-Script HTTP header, resulting in code execution using do shell script. Successful exploitation grants attackers the ability to run arbitrary commands on the macOS host with the ... • https://apps.apple.com/us/app/remote-for-mac/id1086962925 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-306: Missing Authentication for Critical Function •

CVE-2025-34087 – Pi-Hole AdminLTE Whitelist (now 'Web Allowlist') Remote Command Execution
https://notcve.org/view.php?id=CVE-2025-34087
03 Jul 2025 — An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via the web interface, the domain parameter is not properly sanitized, allowing an attacker to append OS commands to the domain string. These commands are executed on the underlying operating system with the privileges of the Pi-hole service user. This behavior was present in the legacy AdminLTE interface and has since been patched in later versions. • https://vulncheck.com/advisories/pihole-adminlte-whitelist-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-34088 – Pandora FMS Authenticated Remote Code Execution via Ping Module
https://notcve.org/view.php?id=CVE-2025-34088
03 Jul 2025 — An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. • https://vulncheck.com/advisories/pandora-fms-rce-via-ping • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-34082 – IGEL OS Secure Terminal and Secure Shadow Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-34082
03 Jul 2025 — An unauthenticated attacker with network access to a vulnerable device can inject arbitrary commands, leading to remote code execution with elevated privileges. • https://kb.igel.com/security-safety/current/isn-2021-01-igel-os-remote-command-execution-vulne • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •