
CVE-2014-125118 – eScan 5.5-2 Web Management Console Command Injection
https://notcve.org/view.php?id=CVE-2014-125118
25 Jul 2025 — Successful exploitation results in remote code execution. • https://www.exploit-db.com/exploits/32869 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-306: Missing Authentication for Critical Function

CVE-2014-125117 – D-Link info.cgi POST Request Stack-Based Buffer Overflow RCE
https://notcve.org/view.php?id=CVE-2014-125117
25 Jul 2025 — This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges. • https://www.vulncheck.com/advisories/dlink-stack-based-buffer-overflow-rce • CWE-20: Improper Input Validation • CWE-121: Stack-based Buffer Overflow

CVE-2024-13976 – Commvault 11.20.0 - 11.36.0 Windows Maintenance Installer DLL Injection
https://notcve.org/view.php?id=CVE-2024-13976
25 Jul 2025 — A DLL injection vulnerability exists in Commvault for Windows 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. During the installation of maintenance updates, an attacker with local access may exploit uncontrolled search path or DLL loading behavior to execute arbitrary code with elevated privileges. • https://www.vulncheck.com/advisories/commvault-for-windows-maintenance-installer-dll-injection • CWE-427: Uncontrolled Search Path Element

CVE-2025-45960
https://notcve.org/view.php?id=CVE-2025-45960
25 Jul 2025 — Cross-site scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code because the web application stores and displays user-supplied input without proper input validation or encoding. • https://github.com/pracharapol/CVE-2025-45960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-46198
https://notcve.org/view.php?id=CVE-2025-46198
25 Jul 2025 — Cross-site scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element. • https://rapid-echo-f9c.notion.site/Grav-XSS-1dbaf8998a078072bb30ffc9b9e7ab4a?pvs=4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-46199
https://notcve.org/view.php?id=CVE-2025-46199
25 Jul 2025 — Cross-site scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute arbitrary code via a crafted script to the form fields. • https://rapid-echo-f9c.notion.site/Grav-XSS-25-04-21-1dcaf8998a078001a2eff3dc47974d6d?pvs=4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-29628
https://notcve.org/view.php?id=CVE-2025-29628
25 Jul 2025 — An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via a request. • https://github.com/mselbrede/gardyn • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2025-29629
https://notcve.org/view.php?id=CVE-2025-29629
25 Jul 2025 — An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via the Gardyn Home component. • http://gardyn.com • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2025-29631
https://notcve.org/view.php?id=CVE-2025-29631
25 Jul 2025 — An issue in Gardyn 4 allows a remote attacker to execute arbitrary code. • http://gardyn.com • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-7742 – Authentication Bypass in LG Innotek Camera
https://notcve.org/view.php?id=CVE-2025-7742
24 Jul 2025 — This action may result in remote code execution that allows an attacker to run arbitrary commands on the target device at the administrator privilege level. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-04 • CWE-288: Authentication Bypass Using an Alternate Path or Channel