
CVE-2025-53098 – Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol
https://notcve.org/view.php?id=CVE-2025-53098
27 Jun 2025 — Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within the VS Code workspace. • https://github.com/RooCodeInc/Roo-Code/commit/7d0b22f9e659dc6c26aab0bacbea27874986e772 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-5310 – Dover Fueling Solutions ProGauge MagLink LX Consoles Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2025-5310
27 Jun 2025 — Files can be created, deleted, or modified, potentially leading to remote code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-05 • CWE-306: Missing Authentication for Critical Function •

CVE-2025-6755 – Game Users Share Buttons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNameId Parameter
https://notcve.org/view.php?id=CVE-2025-6755
27 Jun 2025 — /wp-config.php) to the themeNameId parameter of the AJAX request, which can lead to remote code execution. • https://plugins.trac.wordpress.org/browser/game-users-share-buttons/tags/1.3.0/game-users-share-buttons.php#L638 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-53257 – WordPress Gmedia Photo Gallery plugin <= 1.23.0 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-53257
27 Jun 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Serhii Pasyuk Gmedia Photo Gallery allows PHP Local File Inclusion. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code... • https://patchstack.com/database/wordpress/plugin/grand-media/vulnerability/wordpress-gmedia-photo-gallery-plugin-1-23-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-53259 – WordPress Hotel Booking plugin <= 3.7 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-53259
27 Jun 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in... • https://patchstack.com/database/wordpress/plugin/nd-booking/vulnerability/wordpress-hotel-booking-plugin-3-7-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-53260 – WordPress File Manager Plugin For Wordpress plugin <= 7.5 - Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-53260
27 Jun 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/file-manager-plugin-for-wordpress/vulnerability/wordpress-file-manager-plugin-for-wordpress-plugin-7-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-53281 – WordPress WPB Category Slider for WooCommerce plugin <= 1.71 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-53281
27 Jun 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPBean WPB Category Slider for WooCommerce allows PHP Local File Inclusion. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve ... • https://patchstack.com/database/wordpress/plugin/wpb-woocommerce-category-slider/vulnerability/wordpress-wpb-category-slider-for-woocommerce-plugin-1-71-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-53339 – WordPress Devnex Addons For Elementor plugin <= 1.0.9 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-53339
27 Jun 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in devnex Devnex Addons For Elementor allows PHP Local File Inclusion. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code... • https://patchstack.com/database/wordpress/plugin/devnex-addons-for-elementor/vulnerability/wordpress-devnex-addons-for-elementor-plugin-1-0-9-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-6794 – Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6794
27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •

CVE-2025-6802 – Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6802
27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •