CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 3

08 Aug 2025 — This allows arbitrary file creation within the pages/ directory or any writable path on the server, allowing remote code execution. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/mobilecartly_upload_exec.rb • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

08 Aug 2025 — The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory. This results in full remote code execution under the web server context. • http://web.archive.org/web/20170128123244/http://www.opensyscom.fr/Actualites/egallery-arbitrary-file-upload-vulnerability.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 3

08 Aug 2025 — Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in the login mechanism. ... This can be leveraged to write and execute a malicious PHP file on disk, resulting in remote code execution under the SYSTEM user context. • https://www.vulncheck.com/advisories/cyclope-employee-surveillance-solution-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

08 Aug 2025 — These files are then accessible via the web server, enabling remote code execution. • https://www.vulncheck.com/advisories/cuteflow-arbitrary-file-upload-rce • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

08 Aug 2025 — An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. ... By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process. • https://www.vulncheck.com/advisories/ajaxplorer-unauth-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Aug 2025 — This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system. • https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-025-013-for-Freeflow-Core-8.0.5.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 6% • CPEs: 1 • EXPL: 0

08 Aug 2025 — A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. ... This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files. • https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 • CWE-35: Path Traversal: '.../ •

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

08 Aug 2025 — If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. • https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83 • CWE-20: Improper Input Validation •

CVSS: 10.0 • EPSS: 1% • CPEs: - • EXPL: 2

07 Aug 2025 — Unlike other injection points, this vector allows remote compromise without triggering visible configuration changes. ... Shenzhen Aitemi M300 Wi-Fi Repeater suffers from a remote code execution vulnerability. • https://packetstorm.news/files/id/207963 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

07 Aug 2025 — By exploiting this flaw, an attacker could gain administrative privileges and execute arbitrary code in the context of the admin, resulting in privilege escalation. • https://github.com/LukeSec/CVE-2025-50675-GPMAW-Permissions/tree/main • CWE-732: Incorrect Permission Assignment for Critical Resource •