
CVE-2025-53503 – Trend Micro Cleaner One Pro Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-53503
10 Jul 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Junk Files Cleanup functionality. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-12951 • CWE-64: Windows Shortcut Following (.LNK) •

CVE-2025-5392 – GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-5392
10 Jul 2025 — The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front() function. ... This makes it possible for unauthenticated attackers to execute code on the server, which can be leveraged to inject backdoors or create new administrative user accounts, to name a few things. • https://www.wordfence.com/threat-intel/vulnerabilities/id/fe8723a7-bbb1-41a0-b222-3cf4eb44cd64?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-53371 – DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs
https://notcve.org/view.php?id=CVE-2025-53371
10 Jul 2025 — SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e. • https://github.com/miraheze/DiscordNotifications/commit/1f20d850cbcce5b15951c7c6127b87b927a5415e • CWE-400: Uncontrolled Resource Consumption • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2025-5040 – RTE File Parsing Heap-Based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-5040
10 Jul 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0012 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-5037 – RFA File Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2025-5037
10 Jul 2025 — A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0012 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-7650 – Remote code execution vulnerability discovered in OpenText™ Directory Services CE 23.4
https://notcve.org/view.php?id=CVE-2024-7650
10 Jul 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion. • https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0844620 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-44961
https://notcve.org/view.php?id=CVE-2025-44961
10 Jul 2025 — Remote Code Execution (CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')). ... A user could supply other commands instead of an IP address to achieve RCE. •

CVE-2025-44960
https://notcve.org/view.php?id=CVE-2025-44960
10 Jul 2025 — Remote Code Execution (CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')). ... An attacker could supply a malicious payload to result in code execution. •

CVE-2025-44954
https://notcve.org/view.php?id=CVE-2025-44954
10 Jul 2025 — Unauthenticated RCE in SSH due to Hardcoded Default Public/Private Keys (CWE-1394: Use of Default Cryptographic Key). •

CVE-2025-27889
https://notcve.org/view.php?id=CVE-2025-27889
10 Jul 2025 — Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker. • https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812 • CWE-15: External Control of System or Configuration Setting •