
CVE-2025-52337
https://notcve.org/view.php?id=CVE-2025-52337
19 Aug 2025 — An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attackers to execute arbitrary code via uploading a crafted file. • https://cwe.mitre.org/data/definitions/434.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-46269 – Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share Heap-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2025-46269
18 Aug 2025 — An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-01 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-52584 – Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share Heap-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2025-52584
18 Aug 2025 — An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-01 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-41392 – Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share Out-of-bounds Read
https://notcve.org/view.php?id=CVE-2025-41392
18 Aug 2025 — An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-01 • CWE-125: Out-of-bounds Read •

CVE-2025-53705 – Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2025-53705
18 Aug 2025 — An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-01 • CWE-787: Out-of-bounds Write •

CVE-2025-53192 – Apache Commons OGNL: Expression Injection leading to RCE
https://notcve.org/view.php?id=CVE-2025-53192
18 Aug 2025 — Attackers may be able to bypass the restrictions by leveraging class objects that are not covered by the blocklist and potentially achieve arbitrary code execution. • https://lists.apache.org/thread/2gj8tjl6vz949nnp3yxz3okm9xz2k7sp • CWE-146: Improper Neutralization of Expression/Command Delimiters •

CVE-2025-8723 – Cloudflare Image Resizing <= 1.5.6 - Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook
https://notcve.org/view.php?id=CVE-2025-8723
18 Aug 2025 — The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hook_rest_pre_dispatch() method in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject arbitrary PHP into the codebase, achieving remote code execution. Cloudflare Image Resizing versions 1.5.6 and below suffer from an unauthenticated remote ... • https://packetstorm.news/files/id/208593 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-55300 – Komari Allows Cross-site WebSocket Hijacking
https://notcve.org/view.php?id=CVE-2025-55300
18 Aug 2025 — Any third party website can send requests to the terminal websocket endpoint with browser's cookies, resulting in remote code execution. • https://github.com/komari-monitor/komari/security/advisories/GHSA-q355-h244-969h • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-9060 – MFlash Remote Code Execution (RCE) after authentication of a user with the "administrator" role
https://notcve.org/view.php?id=CVE-2025-9060
15 Aug 2025 — A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. ... • https://github.com/klsecservices/Advisories/blob/master/K-MSoft-2025-002.md • CWE-20: Improper Input Validation •

CVE-2025-6079 – School Management System <= 93.2.0 - Authenticated (Student+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-6079
15 Aug 2025 — The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and including, 93.2.0. This makes it possible for authenticated attackers, with Student-level acces... • https://www.wordfence.com/threat-intel/vulnerabilities/id/d872ec33-6284-495c-b894-41fe7b40b63c?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •