
CVE-2025-4657
https://notcve.org/view.php?id=CVE-2025-4657
17 Jul 2025 — A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store, that could allow a local attacker with elevated privileges to execute arbitrary code. • https://iknow.lenovo.com.cn/detail/430155 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-3753 – Unsafe use of eval() method in rosbag tool
https://notcve.org/view.php?id=CVE-2025-3753
17 Jul 2025 — A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. ... This flaw enables attackers to craft and execute arbitrary Python code. • https://www.ros.org/blog/noetic-eol • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVE-2024-41921 – Unsafe use of eval() method in rostopic echo tool
https://notcve.org/view.php?id=CVE-2024-41921
17 Jul 2025 — A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. ... This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. • https://www.ros.org/blog/noetic-eol • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVE-2024-41148 – Unsafe use of eval() method in rostopic hz tool
https://notcve.org/view.php?id=CVE-2024-41148
17 Jul 2025 — A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. ... This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. • https://www.ros.org/blog/noetic-eol • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVE-2024-39835 – Unsafe use of eval() method in roslaunch tool
https://notcve.org/view.php?id=CVE-2024-39835
17 Jul 2025 — A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. ... This flaw allows attackers to craft and execute arbitrary Python code. • https://www.ros.org/blog/noetic-eol • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVE-2024-39289 – Unsafe use of eval() method in rosparam tool
https://notcve.org/view.php?id=CVE-2024-39289
17 Jul 2025 — A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. ... This flaw allowed attackers to craft and execute arbitrary Python code. • https://www.ros.org/blog/noetic-eol • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVE-2025-7433
https://notcve.org/view.php?id=CVE-2025-7433
17 Jul 2025 — A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe • CWE-502: Deserialization of Untrusted Data •

CVE-2025-23266
https://notcve.org/view.php?id=CVE-2025-23266
17 Jul 2025 — NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. • https://nvidia.custhelp.com/app/answers/detail/a_id/5659 • CWE-426: Untrusted Search Path •

CVE-2025-54068 – Livewire vulnerable to remote command execution during property update hydration
https://notcve.org/view.php?id=CVE-2025-54068
17 Jul 2025 — In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. • https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-7748 – ZCMS Create Article Page cross site scripting
https://notcve.org/view.php?id=CVE-2025-7748
17 Jul 2025 — This vulnerability affects unknown code of the component Create Article Page. • https://github.com/falling-snow1/CVE2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •