
CVE-2024-13089 – Authenticated RCE in update functionality in Guardian/CMC before 24.6.0
https://notcve.org/view.php?id=CVE-2024-13089
10 Jun 2025 — An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. ... This issue could potentially enable users to execute commands remotely on the appliance, thereby impacting confidentiality, integrity, and availability. • https://security.nozominetworks.com/NN-2025:1-01 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-27819 – Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration
https://notcve.org/view.php?id=CVE-2025-27819
10 Jun 2025 — In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. • https://kafka.apache.org/cve-list • CWE-502: Deserialization of Untrusted Data •

CVE-2025-27818 – Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration
https://notcve.org/view.php?id=CVE-2025-27818
10 Jun 2025 — A possible security vulnerability has been identified in Apache Kafka. This requires access to an alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka clusters since Apache Kafka 2.0.0 (Kafka Connect 2.3.0). ... • https://kafka.apache.org/cve-list • CWE-502: Deserialization of Untrusted Data •

CVE-2025-1041 – Avaya Call Management System RCE vulnerability
https://notcve.org/view.php?id=CVE-2025-1041
10 Jun 2025 — An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0. • https://support.avaya.com/css/public/documents/101093084 • CWE-20: Improper Input Validation •

CVE-2025-4954 – Axle Demo Importer <= 1.0.3 - Author+ Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-4954
10 Jun 2025 — The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server. The Axle Demo Importer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the af... • https://wpscan.com/vulnerability/673f35ff-e1d5-4099-86e7-8b6e3e410ef8 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-31919 – WordPress Spare <= 1.7 - PHP Object Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-31919
10 Jun 2025 — If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • https://patchstack.com/database/wordpress/theme/spare/vulnerability/wordpress-spare-1-7-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •

CVE-2025-32714 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-32714
10 Jun 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32714 • CWE-284: Improper Access Control •

CVE-2025-33075 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-33075
10 Jun 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer service. By creating a symbolic link, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33075 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2025-43573 – Acrobat Reader | Use After Free (CWE-416)
https://notcve.org/view.php?id=CVE-2025-43573
10 Jun 2025 — Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://helpx.adobe.com/security/products/acrobat/apsb25-57.html • CWE-416: Use After Free •

CVE-2025-43574 – Acrobat Reader | Use After Free (CWE-416)
https://notcve.org/view.php?id=CVE-2025-43574
10 Jun 2025 — Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://helpx.adobe.com/security/products/acrobat/apsb25-57.html • CWE-416: Use After Free •