
CVE-2025-33076 – IBM Engineering Systems Design Rhapsody code execution
https://notcve.org/view.php?id=CVE-2025-33076
23 Jul 2025 — A local user could overflow the buffer and execute arbitrary code on the system. • https://www.ibm.com/support/pages/node/7240368 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2017-20198 – DC/OS Marathon UI < 1.9.0 Unauthenticated RCE via Docker Mount Abuse
https://notcve.org/view.php?id=CVE-2017-20198
23 Jul 2025 — When using a malicious Docker image, the attacker can write to /etc/cron.d/ on the host, achieving arbitrary code execution with root privileges. • https://www.vulncheck.com/advisories/dcos-marathon-docker-mount-abuse-rce • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2018-25114 – osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution
https://notcve.org/view.php?id=CVE-2018-25114
23 Jul 2025 — A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. ... An unauthenticated attacker can invoke install_4.php, submit crafted POST data, and inject arbitrary PHP code into the configure.php file. • https://www.vulncheck.com/advisories/oscommerce-installer-unauth-config-file-injection-php-code-execution • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2022-4978 – Steppschuh Remote Control Server 3.1.1.12 Unauthenticated RCE
https://notcve.org/view.php?id=CVE-2022-4978
23 Jul 2025 — Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without ... • https://remote-control-collection.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-306: Missing Authentication for Critical Function •

CVE-2025-40599
https://notcve.org/view.php?id=CVE-2025-40599
23 Jul 2025 — A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0014 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-8070 – Windows service registered with an unquoted ImagePath vulnerability in the system registry
https://notcve.org/view.php?id=CVE-2025-8070
23 Jul 2025 — This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. ... • https://www.asustor.com/security/security_advisory_detail?id=47 • CWE-428: Unquoted Search Path or Element •

CVE-2025-31701
https://notcve.org/view.php?id=CVE-2025-31701
23 Jul 2025 — ., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern. • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/775 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-31700
https://notcve.org/view.php?id=CVE-2025-31700
23 Jul 2025 — ., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern. • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/775 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-53286
https://notcve.org/view.php?id=CVE-2024-53286
23 Jul 2025 — Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_16 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-7766 – Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference
https://notcve.org/view.php?id=CVE-2025-7766
22 Jul 2025 — Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed. • https://github.com/byteReaper77/CVE-2025-7766 • CWE-611: Improper Restriction of XML External Entity Reference •