CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6755 – Game Users Share Buttons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNameId Parameter
https://notcve.org/view.php?id=CVE-2025-6755
27 Jun 2025 — /wp-config.php) to the themeNameId parameter of the AJAX request, which can lead to remote code execution. • https://plugins.trac.wordpress.org/browser/game-users-share-buttons/tags/1.3.0/game-users-share-buttons.php#L638 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53260 – WordPress File Manager Plugin For Wordpress plugin <= 7.5 - Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-53260
27 Jun 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/file-manager-plugin-for-wordpress/vulnerability/wordpress-file-manager-plugin-for-wordpress-plugin-7-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-6794 – Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6794
27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-6802 – Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6802
27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-6810 – Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6810
27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-6811 – Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6811
27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-6808 – Marvell QConvergeConsole readObjectFromConfigFile Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6808
27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-6809 – Marvell QConvergeConsole readNICParametersFromFile Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6809
27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •
CVSS: 9.4EPSS: 0%CPEs: -EXPL: 1CVE-2025-34049 – OptiLink ONT1GEW GPON Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-34049
26 Jun 2025 — An authenticated attacker can inject arbitrary operating system commands, which are executed with root privileges, leading to remote code execution. • https://vulncheck.com/advisories/optilink-ont1gew-router-rce • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2025-34046 – Fanwei E-Office Unauthenticated File Upload
https://notcve.org/view.php?id=CVE-2025-34046
26 Jun 2025 — Successful exploitation could enable remote code execution on the affected server, leading to complete compromise of the web application and potentially the underlying system. • https://github.com/M0ge/CNVD-2021-49104-Fanwei-Eoffice-fileupload/blob/main/eoffice_fileupload.py • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •