
CVE-2025-7656 – Debian Security Advisory 5963-1
https://notcve.org/view.php?id=CVE-2025-7656
15 Jul 2025 — Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html •

CVE-2025-7042 – Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
https://notcve.org/view.php?id=CVE-2025-7042
15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-7042 • CWE-416: Use After Free •

CVE-2025-6974 – Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
https://notcve.org/view.php?id=CVE-2025-6974
15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6974 • CWE-457: Use of Uninitialized Variable •

CVE-2025-6973 – Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
https://notcve.org/view.php?id=CVE-2025-6973
15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6973 • CWE-416: Use After Free •

CVE-2025-6972 – Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
https://notcve.org/view.php?id=CVE-2025-6972
15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6972 • CWE-416: Use After Free •

CVE-2025-6971 – Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
https://notcve.org/view.php?id=CVE-2025-6971
15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6971 • CWE-416: Use After Free •

CVE-2025-0831 – Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
https://notcve.org/view.php?id=CVE-2025-0831
15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-0831 • CWE-125: Out-of-bounds Read •

CVE-2025-34107 – WinaXe 7.7 FTP Client Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2025-34107
15 Jul 2025 — When the client connects to a remote FTP server and receives an overly long '220 Server Ready' response, the vulnerable component responsible for parsing the banner overflows a stack buffer, leading to arbitrary code execution under the context of the user. • http://hyp3rlinx.altervista.org/advisories/WINAXE-FTP-CLIENT-REMOTE-BUFFER-OVERFLOW.txt • CWE-121: Stack-based Buffer Overflow •

CVE-2025-34111 – Tiki Wiki <= 15.1 ELFinder Unauthenticated File Upload RCE
https://notcve.org/view.php?id=CVE-2025-34111
15 Jul 2025 — An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. • https://www.vulncheck.com/advisories/tiki-wiki-el-finder-unauthenticated-file-upload-rce • CWE-20: Improper Input Validation CWE-306: Missing Authentication for Critical Function CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-34113 – Tiki Wiki CMS Authenticated Command Injection in Calendar Module
https://notcve.org/view.php?id=CVE-2025-34113
15 Jul 2025 — When the calendar module is enabled and an authenticated user has permission to access it, an attacker can inject and execute arbitrary PHP code. Successful exploitation leads to remote code execution in the context of the web server user. • https://www.acunetix.com/vulnerabilities/web/tiki-wiki-cms-remote-code-execution-via-calendar-module • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-306: Missing Authentication for Critical Function •