CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-32990 – Gnutls: vulnerability in gnutls certtool template parsing
https://notcve.org/view.php?id=CVE-2025-32990
09 Jul 2025 — A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. ... A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly obtain sensitive information. • https://access.redhat.com/security/cve/CVE-2025-32990 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-32989 – Gnutls: vulnerability in gnutls sct extension parsing
https://notcve.org/view.php?id=CVE-2025-32989
09 Jul 2025 — A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. ... A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly obtain sensitive information. • https://access.redhat.com/security/cve/CVE-2025-32989 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-6395 – Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()
https://notcve.org/view.php?id=CVE-2025-6395
09 Jul 2025 — A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. ... A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly obtain sensitive information. • https://access.redhat.com/security/cve/CVE-2025-6395 • CWE-476: NULL Pointer Dereference •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53355 – mcp-server-kubernetes vulnerable to command injection in several tools
https://notcve.org/view.php?id=CVE-2025-53355
08 Jul 2025 — Successful exploitation can lead to remote code execution under the server process's privileges. • https://github.com/Flux159/mcp-server-kubernetes/commit/ab165f5a0eea917fef5dbae954506fff6f4bf514 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 18CVE-2025-48384 – Git allows arbitrary code execution through broken config quoting
https://notcve.org/view.php?id=CVE-2025-48384
08 Jul 2025 — Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodu... • https://github.com/admin-ping/CVE-2025-48384-RCE • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-436: Interpretation Conflict •
CVSS: 9.4EPSS: 0%CPEs: 9EXPL: 0CVE-2025-6691 – SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Submission Deletion
https://notcve.org/view.php?id=CVE-2025-6691
08 Jul 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/sureforms/trunk/admin/views/entries-list-table.php#L661 • CWE-73: External Control of File Name or Path •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0928 – Arbitrary executable upload via authenticated endpoint
https://notcve.org/view.php?id=CVE-2025-0928
08 Jul 2025 — This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution. • https://github.com/juju/juju/security/advisories/GHSA-4vc8-wvhw-m5gv • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47988 – Azure Monitor Agent Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-47988
08 Jul 2025 — Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47988 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2025-49729 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49729
08 Jul 2025 — Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49729 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2025-49724 – Windows Connected Devices Platform Service Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49724
08 Jul 2025 — Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49724 • CWE-416: Use After Free •