
CVE-2025-31701
https://notcve.org/view.php?id=CVE-2025-31701
23 Jul 2025 — ., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern. • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/775 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-31700
https://notcve.org/view.php?id=CVE-2025-31700
23 Jul 2025 — ., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern. • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/775 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-53286
https://notcve.org/view.php?id=CVE-2024-53286
23 Jul 2025 — Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_16 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-7766 – Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference
https://notcve.org/view.php?id=CVE-2025-7766
22 Jul 2025 — Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed. Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed. • https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/105906637/Latest+Version+of+Lantronix+Provisioning+Manager+LPM • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2025-54072 – yt-dlp allows `--exec` command injection when using placeholder on Windows
https://notcve.org/view.php?id=CVE-2025-54072
22 Jul 2025 — In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder (or {}), insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. • https://github.com/yt-dlp/yt-dlp/commit/959ac99e98c3215437e573c22d64be42d361e863 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-54140 – pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write
https://notcve.org/view.php?id=CVE-2025-54140
22 Jul 2025 — This may lead to: Remote Code Execution (RCE), local privilege escalation, system-wide compromise, persistence, and backdoors. • https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-54138 – LibreNMS has Authenticated Local File Inclusion in ajax_form.php that Allows RCE
https://notcve.org/view.php?id=CVE-2025-54138
22 Jul 2025 — LibreNMS versions 25.6.0 and below contain an architectural vulnerability in the ajax_form.php endpoint that permits Remote File Inclusion based on user-controlled POST input. ... This pattern introduces a latent Remote Code Execution (RCE) vector if an attacker can stage a file in this include path — for example, via symlink, development misconfiguration, or chained vulnerabilities. • https://github.com/librenms/librenms/commit/ec89714d929ef0cf2321957ed9198b0f18396c81 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-8011 – Debian Security Advisory 5965-1
https://notcve.org/view.php?id=CVE-2025-8011
22 Jul 2025 — Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_22.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2025-8010 – Debian Security Advisory 5965-1
https://notcve.org/view.php?id=CVE-2025-8010
22 Jul 2025 — Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_22.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2025-5042 – RFA File Parsing Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2025-5042
22 Jul 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0013 • CWE-125: Out-of-bounds Read •