
CVE-2025-30023
https://notcve.org/view.php?id=CVE-2025-30023
11 Jul 2025 — The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. • https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf • CWE-502: Deserialization of Untrusted Data •

CVE-2025-6057 – WPBookit <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-6057
11 Jul 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/wpbookit/trunk/core/admin/classes/controllers/class.wpb-profile-controller.php#L85 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-25257 – FortiWeb SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-25257
https://packetstorm.news/files/id/206268 •

CVE-2025-2790 – G DATA Total Security GDTunerSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2790
11 Jul 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the GDTunerSvc service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •

CVE-2025-6058 – WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-6058
11 Jul 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://packetstorm.news/files/id/206492 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-7222 – Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7222
11 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •

CVE-2025-53515 – Advantech iView SQL Injection
https://notcve.org/view.php?id=CVE-2025-53515
10 Jul 2025 — A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). ... Certain input parameters are not sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-52577 – Advantech iView SQL Injection
https://notcve.org/view.php?id=CVE-2025-52577
10 Jul 2025 — A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). ... Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-53475 – Advantech iView SQL Injection
https://notcve.org/view.php?id=CVE-2025-53475
10 Jul 2025 — A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). ... Certain parameters in this function are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-3946 – Incorrect response generation during FTEB protocol processing
https://notcve.org/view.php?id=CVE-2025-3946
10 Jul 2025 — An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in incorrect handling of packets leading to remote code execution. • https://process.honeywell.com • CWE-430: Deployment of Wrong Handler •