
CVE-2025-27203 – Adobe Connect | Deserialization of Untrusted Data (CWE-502)
https://notcve.org/view.php?id=CVE-2025-27203
08 Jul 2025 — Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. • https://helpx.adobe.com/security/products/connect/apsb25-61.html • CWE-502: Deserialization of Untrusted Data •

CVE-2025-43582 – Substance3D - Viewer | Heap-based Buffer Overflow (CWE-122)
https://notcve.org/view.php?id=CVE-2025-43582
08 Jul 2025 — Substance3D - Viewer versions 0.22 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user, scope unchanged. • https://helpx.adobe.com/security/products/substance3d-viewer/apsb25-54.html • CWE-122: Heap-based Buffer Overflow •

CVE-2025-49537 – ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
https://notcve.org/view.php?id=CVE-2025-49537
08 Jul 2025 — ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by a high-privileged attacker. • https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-53355 – mcp-server-kubernetes vulnerable to command injection in several tools
https://notcve.org/view.php?id=CVE-2025-53355
08 Jul 2025 — The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. • https://github.com/Flux159/mcp-server-kubernetes/commit/ab165f5a0eea917fef5dbae954506fff6f4bf514 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-48384 – Git allows arbitrary code execution through broken config quoting
https://notcve.org/view.php?id=CVE-2025-48384
08 Jul 2025 — An attacker could possibly use this issue to create or write to arbitrary files on the system. ... If a user were tricked into cloning a malicious Git repository, an attacker could possibly use this issue to run arbitrary commands. • https://github.com/acheong08/CVE-2025-48384 • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-436: Interpretation Conflict •

CVE-2025-48385 – Git allows arbitrary file writes via bundle-uri parameter injection
https://notcve.org/view.php?id=CVE-2025-48385
08 Jul 2025 — The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. ... An attacker could possibly use this issue to create or write to arbitrary files on the system. ... If a user were tricked into cloning a malicious Git repository, an attacker could possibly use this issue to run arbitrary commands. • https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 • CWE-73: External Control of File Name or Path • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVE-2025-30312 – Dimension | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2025-30312
08 Jul 2025 — Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/dimension/apsb25-63.html • CWE-787: Out-of-bounds Write •

CVE-2025-6691 – SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Submission Deletion
https://notcve.org/view.php?id=CVE-2025-6691
08 Jul 2025 — The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/sureforms/trunk/admin/views/entries-list-table.php#L661 • CWE-73: External Control of File Name or Path •

CVE-2025-0928 – Arbitrary executable upload via authenticated endpoint
https://notcve.org/view.php?id=CVE-2025-0928
08 Jul 2025 — In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution. • https://github.com/juju/juju/security/advisories/GHSA-4vc8-wvhw-m5gv • CWE-285: Improper Authorization •

CVE-2025-47988 – Azure Monitor Agent Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-47988
08 Jul 2025 — Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47988 • CWE-94: Improper Control of Generation of Code ('Code Injection') •