
CVE-2025-7921 – ASKEY|modem - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2025-7921
21 Jul 2025 — Certain modem models developed by Askey have a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and potentially execute arbitrary code. • https://www.twcert.org.tw/tw/cp-132-10268-1583b-1.html • CWE-121: Stack-based Buffer Overflow •

CVE-2025-7916 – Simopro Technology|WinMatrix3 - Insecure Deserialization
https://notcve.org/view.php?id=CVE-2025-7916
21 Jul 2025 — WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialized contents. • https://www.twcert.org.tw/en/cp-139-10257-e88f3-2.html • CWE-502: Deserialization of Untrusted Data •

CVE-2025-44658
https://notcve.org/view.php?id=CVE-2025-44658
21 Jul 2025 — This may lead to remote code execution (RCE), information disclosure, or full system compromise. • https://gist.github.com/TPCchecker/c72eea7a3f89070dab7dfdbf7504b2d6 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-51858 – ChatPlayground.ai Cross Site Scripting / Insecure Direct Object Reference
https://notcve.org/view.php?id=CVE-2025-51858
21 Jul 2025 — Self Cross-Site Scripting (XSS) vulnerability in ChatPlayground.ai through 2025-05-24 allows attackers to execute arbitrary code and gain sensitive information via crafted SVG file contents sent through the chat component. • https://packetstorm.news/files/id/207291 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-51863 – ChatGPTUtil Cross Site Scripting
https://notcve.org/view.php?id=CVE-2025-51863
21 Jul 2025 — Self Cross-Site Scripting (XSS) vulnerability in ChatGPT Unli (ChatGPTUnli.com) through 2025-05-26 allows attackers to execute arbitrary code via a crafted SVG file sent to the chat interface. • https://packetstorm.news/files/id/207285 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-7645 – Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion
https://notcve.org/view.php?id=CVE-2025-7645
21 Jul 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, when an administrator deletes the submission, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://www.wordfence.com/threat-intel/vulnerabilities/id/894b43ed-143d-4c0b-afd1-05fcd6fa5018?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-46123
https://notcve.org/view.php?id=CVE-2025-46123
21 Jul 2025 — An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string processing and enables remote code execution on the controller. • http://commscope.com • CWE-134: Use of Externally-Controlled Format String •

CVE-2025-53771 – Microsoft SharePoint Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-53771
20 Jul 2025 — Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. • https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-287: Improper Authentication CWE-707: Improper Neutralization •

CVE-2025-7876 – Metasoft 美特软件 MetaCRM download.jsp AnalyzeParam deserialization
https://notcve.org/view.php?id=CVE-2025-7876
20 Jul 2025 — A vulnerability classified as critical was found in Metasoft 美特软件 MetaCRM up to 6.4.2. This vulnerability affects the function AnalyzeParam of the file download.jsp. The manipulation of the argument p leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-RCE-3.md • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •

CVE-2025-53770 – Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2025-53770
20 Jul 2025 — Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. ... • https://github.com/AdityaBhatt3010/CVE-2025-53770-SharePoint-Zero-Day-Variant-Exploited-for-Full-RCE • CWE-502: Deserialization of Untrusted Data •