
CVE-2025-34522 – Arcserve UDP < 10.2 Pre-Authentication Heap Overflow
https://notcve.org/view.php?id=CVE-2025-34522
27 Aug 2025 — Improper bounds checking allows an attacker to overwrite heap memory, potentially leading to application crashes or remote code execution. • https://support.arcserve.com/s/article/Important-Security-Bulletin-Must-read-for-all-Arcserve-UDP-customers-on-all-versions • CWE-122: Heap-based Buffer Overflow •

CVE-2025-34159 – Coolify Docker Compose Directive Injection in Application Deployment Workflow
https://notcve.org/view.php?id=CVE-2025-34159
27 Aug 2025 — Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. • https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.420.7 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-34161 – Coolify Git Repository Field Command Injection in Project Deployment Workflow
https://notcve.org/view.php?id=CVE-2025-34161
27 Aug 2025 — Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. ... By submitting a crafted repository string containing command injection syntax, an attacker can execute arbitrary commands on the underlying host system, resulting in full server compromise. • https://packetstorm.news/files/id/208950 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-20342 – Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20342
27 Aug 2025 — An attacker could exploit this vulnerability by injecting malicious code into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-kvmsxss-6h7AnUyk •

CVE-2025-20296 – Cisco UCS Manager Software Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20296
27 Aug 2025 — A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-xss-Ey6XhyPS •

CVE-2025-30057 – Authenticated RCE with uhcapache privileges in ConvertToPDF
https://notcve.org/view.php?id=CVE-2025-30057
27 Aug 2025 — In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function. • https://cert.pl/en/posts/2025/08/CVE-2025-2313 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-30056 – Calling system commands via RunCommand
https://notcve.org/view.php?id=CVE-2025-30056
27 Aug 2025 — This allows an attacker to execute arbitrary code on the system. • https://cert.pl/en/posts/2025/08/CVE-2025-2313 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-30055 – Conditional RCE via the "system" function
https://notcve.org/view.php?id=CVE-2025-30055
27 Aug 2025 — If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter. • https://cert.pl/en/posts/2025/08/CVE-2025-2313 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2313 – RCE via Print.pl in uhcPrintServerPrint
https://notcve.org/view.php?id=CVE-2025-2313
27 Aug 2025 — In the Print.pl service, the "uhcPrintServerPrint" function allows execution of arbitrary code via the "CopyCounter" parameter. • https://cert.pl/en/posts/2025/08/CVE-2025-2313 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-7812 – Video Share VOD – Turnkey Video Site Builder Script <= 2.7.6 - Cross-Site Request Forgery to Command Injection
https://notcve.org/view.php?id=CVE-2025-7812
27 Aug 2025 — This makes it possible for unauthenticated attackers to update settings and execute remote code when the Server command execution setting is enabled via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://www.wordfence.com/threat-intel/vulnerabilities/id/b9e499c4-e683-4587-b0ab-7f4ecde94e41?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •