
CVE-2025-8854 – bullet3 VHACD utility: stack-based buffer overflow in OFF parser (LoadOFF)
https://notcve.org/view.php?id=CVE-2025-8854
11 Aug 2025 — Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly through PyBullet's vhacd function. • https://github.com/bulletphysics/bullet3/blob/master/Extras/VHACD/test/src/main_vhacd.cpp#L472 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-45146
https://notcve.org/view.php?id=CVE-2025-45146
11 Aug 2025 — This vulnerability allows attackers to execute arbitrary code by supplying crafted data. • https://github.com/EDMPL/Vulnerability-Research/blob/main/CVE-2025-45146/README.md • CWE-502: Deserialization of Untrusted Data •

CVE-2025-8418 – B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation
https://notcve.org/view.php?id=CVE-2025-8418
11 Aug 2025 — This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the server which can make remote code execution possible. • https://plugins.trac.wordpress.org/browser/b-slider/tags/1.1.28/adminMenu.php#L124 • CWE-862: Missing Authorization •

CVE-2025-52136
https://notcve.org/view.php?id=CVE-2025-52136
10 Aug 2025 — In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability (for later Dashboard installation) is set by the "emqx ctl plugins allow" CLI command. • https://github.com/ricardojoserf/emqx-RCE • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2025-54417 – Craft contains a theoretical bypass for CVE-2025-23209
https://notcve.org/view.php?id=CVE-2025-54417
09 Aug 2025 — Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". • https://github.com/craftcms/cms/commit/a19d46be78a9ca1ea474012a10e97bed0d787f57 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2012-10049 – WebPageTest Arbitrary PHP File Upload RCE
https://notcve.org/view.php?id=CVE-2012-10049
08 Aug 2025 — This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context. • https://www.vulncheck.com/advisories/webpagetest-arbitrary-php-file-upload-rce • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2012-10041 – WAN Emulator v2.3 Command Execution
https://notcve.org/view.php?id=CVE-2012-10041
08 Aug 2025 — WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec() with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. ... An attacker can exploit both flaws in sequence to achieve full remote code execution and escalate privileges to root. • https://www.vulncheck.com/advisories/wan-emulator-command-execution • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2012-10053 – Simple Web Server Connection Header Buffer Overflow
https://notcve.org/view.php?id=CVE-2012-10053
08 Aug 2025 — When a remote attacker sends an overly long string in this header, the server uses vsprintf() without proper bounds checking, leading to a buffer overflow on the stack. This flaw allows remote attackers to execute arbitrary code with the privileges of the web server process. • http://ghostinthelab.wordpress.com/2012/07/19/simplewebserver-2-2-rc2-remote-buffer-overflow-exploit • CWE-121: Stack-based Buffer Overflow •

CVE-2012-10042 – CMS 1.0 Arbitrary File Upload RCE
https://notcve.org/view.php?id=CVE-2012-10042
08 Aug 2025 — Once uploaded, the file can be executed remotely, resulting in full remote code execution. • https://www.vulncheck.com/advisories/sflog-cms-arbitrary-file-upload-rce • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2012-10036 – Project Pier <= 0.8.8 Arbitrary File Upload RCE
https://notcve.org/view.php?id=CVE-2012-10036
08 Aug 2025 — The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. The uploaded file is stored with a predictable suffix and can be executed by requesting its URL, resulting in remote code executi... • https://www.vulncheck.com/advisories/project-pier-arbitrary-file-upload-rce • CWE-434: Unrestricted Upload of File with Dangerous Type •