
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jul 2025 — A reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jul 2025 — A local user could overflow the buffer and execute arbitrary code on the system. • https://www.ibm.com/support/pages/node/7240375 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jul 2025 — A local user could overflow the buffer and execute arbitrary code on the system. • https://www.ibm.com/support/pages/node/7240368 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

23 Jul 2025 — An attacker can send a crafted eval command over this interface to execute arbitrary PHP code, which may invoke system-level functions such as system() or passthru(). • https://xdebug.org • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-306: Missing Authentication for Critical Function •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

23 Jul 2025 — When using a malicious Docker image, the attacker can write to /etc/cron.d/ on the host, achieving arbitrary code execution with root privileges. • https://www.vulncheck.com/advisories/dcos-marathon-docker-mount-abuse-rce • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

23 Jul 2025 — A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. ... An unauthenticated attacker can invoke install_4.php, submit crafted POST data, and inject arbitrary PHP code into the configure.php file. • https://www.vulncheck.com/advisories/oscommerce-installer-unauth-config-file-injection-php-code-execution • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

23 Jul 2025 — Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. ... An attacker on the same network can issue a sequence of keystroke commands to launch a system shell and execute arb... • https://www.vulncheck.com/advisories/steppschuh-remote-control-server-unauth-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jul 2025 — A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0014 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.2 • EPSS: 0% • CPEs: - • EXPL: 0

23 Jul 2025 — This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. • https://www.asustor.com/security/security_advisory_detail?id=47 • CWE-428: Unquoted Search Path or Element •

CVSS: 8.1 • EPSS: 0% • CPEs: - • EXPL: 0

23 Jul 2025 — ., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern. • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/775 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •