CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Aug 2025 — In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. • https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-gjp6-9cvg-8w93 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

13 Aug 2025 — Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server. • https://www.twcert.org.tw/tw/cp-132-10321-3cae5-1.html • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

13 Aug 2025 — Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc.) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory. • https://github.com/openai/codex/pull/1705 • CWE-61: UNIX Symbolic Link (Symlink) Following

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Aug 2025 — Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

13 Aug 2025 — Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. • https://www.insyde.com/security-pledge/sa-2025005 • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

13 Aug 2025 — UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. • https://www.insyde.com/security-pledge/sa-2025005 • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

13 Aug 2025 — An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account.

CVSS: 6.4 • EPSS: 0% • CPEs: - • EXPL: 0

13 Aug 2025 — Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a crafted script input to the editor interface. • https://marktwo.app/try-it-now • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

13 Aug 2025 — An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module. • https://cwe.mitre.org/data/definitions/78.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 0

13 Aug 2025 — A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive. • https://github.com/danielbrendel/hortusfox-web/blob/8ab851101a62d8eb311235c118eeeb32a9b36978/app/modules/ImportModule.php#L28 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')