CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-26074
https://notcve.org/view.php?id=CVE-2025-26074
30 Jun 2025 — Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes. • https://medium.com/@mrcnry/cve-2025-26074-remote-code-execution-in-conductor-oss-via-inline-javascript-injection-5ce3cb651cfb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-45931
https://notcve.org/view.php?id=CVE-2025-45931
30 Jun 2025 — An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file • http://d-link.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28905 – Heap buffer overflow in picserver
https://notcve.org/view.php?id=CVE-2023-28905
28 Jun 2025 — A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. ... A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28909 – Integer Overflow Leading to MTU Bypass
https://notcve.org/view.php?id=CVE-2023-28909
28 Jun 2025 — Consequently, this can lead to a buffer overflow in upper layer profiles, which can be used to obtain remote code execution. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. ... Consequently, this can lead to a buffer overflow in upper layer profiles, which can be used to obtain remote code execution. • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53098 – Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol
https://notcve.org/view.php?id=CVE-2025-53098
27 Jun 2025 — Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within the VS Code workspace. • https://github.com/RooCodeInc/Roo-Code/commit/7d0b22f9e659dc6c26aab0bacbea27874986e772 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2025-5310 – Dover Fueling Solutions ProGauge MagLink LX Consoles Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2025-5310
27 Jun 2025 — Files can be created, deleted, or modified, potentially leading to remote code execution. ... Files can be created, deleted, or modified, potentially leading to remote code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-05 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6755 – Game Users Share Buttons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNameId Parameter
https://notcve.org/view.php?id=CVE-2025-6755
27 Jun 2025 — /wp-config.php) to the themeNameId parameter of the AJAX request, which can lead to remote code execution. • https://plugins.trac.wordpress.org/browser/game-users-share-buttons/tags/1.3.0/game-users-share-buttons.php#L638 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53260 – WordPress File Manager Plugin For Wordpress plugin <= 7.5 - Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-53260
27 Jun 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/file-manager-plugin-for-wordpress/vulnerability/wordpress-file-manager-plugin-for-wordpress-plugin-7-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-6794 – Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6794
27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-6802 – Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6802
27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •