CVSS: 10.0EPSS: 0%CPEs: -EXPL: 2CVE-2025-34036 – Shenzhen TVT CCTV-DVR Command Injection
https://notcve.org/view.php?id=CVE-2025-34036
24 Jun 2025 — This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root. • https://web.archive.org/web/20160322204109/http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-37743
https://notcve.org/view.php?id=CVE-2024-37743
24 Jun 2025 — An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component. • https://github.com/mmz-001/knowledge_gpt/blob/main/knowledge_gpt/main.py • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2025-52562 – Convey Panel Directory Traversal in LocaleController leading to Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-52562
23 Jun 2025 — An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious locale and namespace parameters. • https://github.com/ConvoyPanel/panel/commit/f8d6202f3e4912b65dbd9f80ba625576944ab36c • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2172
https://notcve.org/view.php?id=CVE-2025-2172
23 Jun 2025 — Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames • https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controller • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2171
https://notcve.org/view.php?id=CVE-2025-2171
23 Jun 2025 — Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN • https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controller • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2025-6445 – ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6445
23 Jun 2025 — ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker can levera... • https://docs.servicestack.net/releases/v8_06#reported-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2023-47029
https://notcve.org/view.php?id=CVE-2023-47029
23 Jun 2025 — An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component • https://drive.google.com/file/d/1oX5uKnWGiYMaBxnBuqPiOA53XLxv1Ef4/view?usp=sharing • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47030
https://notcve.org/view.php?id=CVE-2023-47030
23 Jun 2025 — An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists. • https://drive.google.com/file/d/1ujUcB8XEs78WwWzs8cmD-u1Twqi10yEh/view?usp=sharing • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47032
https://notcve.org/view.php?id=CVE-2023-47032
23 Jun 2025 — Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function. • https://drive.google.com/file/d/1rTKc2nxEc40VTItJiJ9moZ5VrHG3xQuj/view?usp=sharing • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-48978
https://notcve.org/view.php?id=CVE-2023-48978
23 Jun 2025 — An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component. • https://drive.google.com/file/d/13JrkDcVtcQFepeGoG8roBZ1xFy7iBx1R/view?usp=sharing • CWE-94: Improper Control of Generation of Code ('Code Injection') •