
CVE-2025-23312
https://notcve.org/view.php?id=CVE-2025-23312
26 Aug 2025 — NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-23312 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-23307
https://notcve.org/view.php?id=CVE-2025-23307
26 Aug 2025 — NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-23307 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-55298 – ImageMagick Format String Bug in InterpretImageFilename leads to arbitrary code execution
https://notcve.org/view.php?id=CVE-2025-55298
26 Aug 2025 — An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645 • CWE-123: Write-what-where Condition • CWE-134: Use of Externally-Controlled Format String •

CVE-2025-1994 – IBM Cognos Command Center code execution
https://notcve.org/view.php?id=CVE-2025-1994
26 Aug 2025 — IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to unsafe use of the BinaryFormatter function. • https://www.ibm.com/support/pages/node/7242159 • CWE-242: Use of Inherently Dangerous Function •

CVE-2025-9491 – Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-9491
26 Aug 2025 — Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.zerodayinitiative.com/advisories/ZDI-25-148 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVE-2025-7775 – Citrix NetScaler Memory Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-7775
26 Aug 2025 — Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIP... • https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2025-9190 – TCC Bypass via misconfigured Node fuses in Cursor
https://notcve.org/view.php?id=CVE-2025-9190
26 Aug 2025 — The configuration of Cursor on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC (Transparency, Consent, and Control) permissions. • https://afine.com/threat-of-tcc-bypasses-on-macos/#cooking-cursor-app • CWE-276: Incorrect Default Permissions •

CVE-2025-53813 – TCC Bypass via misconfigured Node fuses in Nozbe
https://notcve.org/view.php?id=CVE-2025-53813
26 Aug 2025 — The configuration of Nozbe on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC (Transparency, Consent, and Control) permissions. • https://cert.pl/en/posts/2025/08/tcc-bypass • CWE-276: Incorrect Default Permissions •

CVE-2025-53811 – TCC Bypass via misconfigured Node fuses in Mosh-Pro
https://notcve.org/view.php?id=CVE-2025-53811
26 Aug 2025 — The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC (Transparency, Consent, and Control) permissions. • https://cert.pl/en/posts/2025/08/tcc-bypass • CWE-276: Incorrect Default Permissions •

CVE-2025-53419 – COMMGR Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-53419
26 Aug 2025 — Delta Electronics COMMGR has a Code Injection vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ISPSoft. ... The issue results from insufficient restriction of dynamically-managed code. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00014_COMMGR%20Stack-based%20Buffer%20Overflow%20and%20Code%20Injection%20Vulnerabilities.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •