CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2025-49657 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49657
08 Jul 2025 — Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49657 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2025-48824 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-48824
08 Jul 2025 — Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48824 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21165 – Substance3D - Designer | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2025-21165
08 Jul 2025 — Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_designer/apsb25-62.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21166 – Substance3D - Designer | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2025-21166
08 Jul 2025 — Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_designer/apsb25-62.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21164 – Substance3D - Designer | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2025-21164
08 Jul 2025 — Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_designer/apsb25-62.html • CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6771 – OS command injection in Ivanti Endpoint Manager
https://notcve.org/view.php?id=CVE-2025-6771
08 Jul 2025 — OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2025-6770-CVE-2025-6771?language=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-6770 – OS command injection in Ivanti Endpoint Manager
https://notcve.org/view.php?id=CVE-2025-6770
08 Jul 2025 — OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2025-6770-CVE-2025-6771?language=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53372 – node-code-sandbox-mcp has a Sandbox Escape via Command Injection
https://notcve.org/view.php?id=CVE-2025-53372
08 Jul 2025 — node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code exec... • https://github.com/alfonsograziano/node-code-sandbox-mcp/commit/e461a74ecb189b268daac0d972c467b49b2abdd2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-7182 – itsourcecode Student Transcript Processing System edit.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-7182
08 Jul 2025 — A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/modules/subject/edit.php. The manipulation of the argument pre leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Catcheryp/CVE/issues/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-7345 – Gdk‑pixbuf: heap‑buffer‑overflow in gdk‑pixbuf
https://notcve.org/view.php?id=CVE-2025-7345
08 Jul 2025 — When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2025-7345 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •