
CVE-2025-5042 – RFA File Parsing Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2025-5042
22 Jul 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0013 • CWE-125: Out-of-bounds Read •

CVE-2025-34141 – ETQ Reliance CG Reflected Cross-Site Scripting in `SQLConverterServlet`
https://notcve.org/view.php?id=CVE-2025-34141
22 Jul 2025 — A reflected cross-site scripting (XSS) vulnerability exists in the ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The affected servlet was unnecessarily exposed to authenticated users and has since been disabled in version SE.2025.1. • https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-116: Improper Encoding or Escaping of Output •

CVE-2025-34142 – ETQ Reliance CG XML External Entity (XXE) Injection in SSO SAML Handler
https://notcve.org/view.php?id=CVE-2025-34142
22 Jul 2025 — An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy) platform within the `/resources/sessions/sso` endpoint. The SAML authentication handler processes XML input without disabling external entity resolution, allowing crafted SAML responses to invoke external entity references. This could enable attackers to retrieve sensitive files or perform server-side request forgery (SSRF). The issue was addressed by disabling external entity processing for the affected XML parse... • https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2025-34143 – ETQ Reliance CG Authentication Bypass via Trailing Space RCE
https://notcve.org/view.php?id=CVE-2025-34143
22 Jul 2025 — Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. • https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-269: Improper Privilege Management • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVE-2025-7977 – Ashlar-Vellum Cobalt LI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7977
22 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •

CVE-2025-7978 – Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7978
22 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •

CVE-2025-7979 – Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7979
22 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •

CVE-2025-7980 – Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7980
22 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •

CVE-2025-7981 – Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7981
22 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •

CVE-2025-7982 – Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7982
22 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •