CVSS: 8.8EPSS: %CPEs: 17EXPL: 0CVE-2025-49672 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49672
08 Jul 2025 — Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49672 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: %CPEs: 17EXPL: 0CVE-2025-49670 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49670
08 Jul 2025 — Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49670 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: %CPEs: 17EXPL: 0CVE-2025-49657 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49657
08 Jul 2025 — Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49657 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: %CPEs: 17EXPL: 0CVE-2025-48824 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-48824
08 Jul 2025 — Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48824 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.2EPSS: %CPEs: -EXPL: 0CVE-2025-6771 – OS command injection in Ivanti Endpoint Manager
https://notcve.org/view.php?id=CVE-2025-6771
08 Jul 2025 — OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2025-6770-CVE-2025-6771?language=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: %CPEs: -EXPL: 0CVE-2025-6770 – OS command injection in Ivanti Endpoint Manager
https://notcve.org/view.php?id=CVE-2025-6770
08 Jul 2025 — OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2025-6770-CVE-2025-6771?language=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.6EPSS: %CPEs: 1EXPL: 0CVE-2025-53372 – node-code-sandbox-mcp has a Sandbox Escape via Command Injection
https://notcve.org/view.php?id=CVE-2025-53372
08 Jul 2025 — node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. ... Successful exploitation can lead to remote code execution under the server process's privileges on the host machine, bypassing the sandbox protection of running code inside docker. • https://github.com/alfonsograziano/node-code-sandbox-mcp/commit/e461a74ecb189b268daac0d972c467b49b2abdd2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 0CVE-2025-4828 – Support Board <= 3.8.0 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-4828
08 Jul 2025 — This makes it possible for attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-25270 – Remote Code Execution via Unauthenticated Configuration Manipulation
https://notcve.org/view.php?id=CVE-2025-25270
08 Jul 2025 — An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations. • https://certvde.com/de/advisories/VDE-2025-019 • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-20686
https://notcve.org/view.php?id=CVE-2025-20686
08 Jul 2025 — This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/July-2025 • CWE-122: Heap-based Buffer Overflow •