
CVE-2025-44960
https://notcve.org/view.php?id=CVE-2025-44960
10 Jul 2025 — Remote Code Execution (CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')). ... An attacker could supply a malicious payload to result in code execution. •

CVE-2025-44954
https://notcve.org/view.php?id=CVE-2025-44954
10 Jul 2025 — Unauthenticated RCE in SSH due to Hardcoded Default Public/Private Keys (CWE-1394: Use of Default Cryptographic Key). •

CVE-2025-27889
https://notcve.org/view.php?id=CVE-2025-27889
10 Jul 2025 — Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker. • https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812 • CWE-15: External Control of System or Configuration Setting •

CVE-2025-47811
https://notcve.org/view.php?id=CVE-2025-47811
10 Jul 2025 — In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands (i.e., through the web console or the task scheduler), and they are automatically executed in the highest possible privilege context. Because administrative users of the web interface are not necessarily also system administrators, one might argue that this is a privilege escala... • https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812 • CWE-267: Privilege Defined With Unsafe Actions •

CVE-2025-47813
https://notcve.org/view.php?id=CVE-2025-47813
10 Jul 2025 — loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie. • https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2025-50121 – Schneider Electric EcoStruxure IT Data Center Expert 8.3 Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-50121
10 Jul 2025 — CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. • https://packetstorm.news/files/id/206243 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-50125 – Schneider Electric EcoStruxure IT Data Center Expert 8.3 Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2025-50125
10 Jul 2025 — CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header. • https://packetstorm.news/files/id/206247 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2025-7401 – Premium Age Verification / Restriction for WordPress <= 3.0.2 - Unauthenticated Arbitrary File Read and Write via remote_tunnel.php
https://notcve.org/view.php?id=CVE-2025-7401
10 Jul 2025 — The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due to the existence of an insufficiently protected remote support functionality in remote_tunnel.php in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to read from or write to arbitrary files on the affected site's server which may make the exposure of sensitive information or remote code execution possible. • https://codecanyon.net/item/premium-age-verification-restriction-for-wordpress/11300327 • CWE-798: Use of Hard-coded Credentials •

CVE-2025-6376 – Arena® Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6376
09 Jul 2025 — A remote code execution security issue exists in the Rockwell Automation Arena®. ... Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worst-case impact. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html • CWE-20: Improper Input Validation •

CVE-2025-6377 – Arena® Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6377
09 Jul 2025 — A remote code execution security issue exists in the Rockwell Automation Arena®. ... Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worst-case impact. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html • CWE-20: Improper Input Validation •