
CVE-2025-20284 – Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-20284
16 Jul 2025 — A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2025-20283 – Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-20283
16 Jul 2025 — A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2025-7712 – Madara - Core <= 2.2.3 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-7712
16 Jul 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://mangabooth.com/product/wp-manga-theme-madara • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-34300 – Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE
https://notcve.org/view.php?id=CVE-2025-34300
16 Jul 2025 — A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands. • https://slcyber.io/assetnote-security-research-center/rce-in-the-most-popular-survey-software-youve-never-heard-of • CWE-20: Improper Input Validation CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVE-2025-7673
https://notcve.org/view.php?id=CVE-2025-7673
16 Jul 2025 — A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request. • https://www.zyxel.com/service-provider/global/en/zyxel-security-advisory-remote-code-execution-and-denial-service-vulnerabilities-cpe • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-5396 – Bears Backup <= 2.0.0 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-5396
16 Jul 2025 — The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. • https://themeforest.net/item/alone-charity-multipurpose-nonprofit-wordpress-theme/15019939 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-52367 – PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2025-52367
16 Jul 2025 — PivotX version 3.0.0 RC3 suffers from a persistent cross site scripting vulnerability that can assist an attacker in achieving remote code execution once privileges are escalated. • https://packetstorm.news/files/id/207138 •

CVE-2025-49828 – Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-49828
15 Jul 2025 — Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution. An authenticated attacker who can inject secrets or templates into the Secrets Manager, Self-Hosted database could take advantage of an exposed API endpoint to execute arbitrary Ruby code within the Secrets Manager process. • https://github.com/cyberark/conjur/releases/tag/v1.21.2 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVE-2025-41239 – vSockets information-disclosure vulnerability
https://notcve.org/view.php?id=CVE-2025-41239
15 Jul 2025 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the host. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877 • CWE-908: Use of Uninitialized Resource •

CVE-2025-6043 – Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-6043
15 Jul 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possible. • https://plugins.trac.wordpress.org/browser/wp-malware-removal/tags/16.8/wpmr.php#L4570 • CWE-862: Missing Authorization •