CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2023-53948 – Lilac-Reloaded for Nagios 2.0.8 Remote Code Execution via Autodiscovery
https://notcve.org/view.php?id=CVE-2023-53948
19 Dec 2025 — Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. • https://www.vulncheck.com/advisories/lilac-reloaded-for-nagios-remote-code-execution-via-autodiscovery • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2023-53946 – Arcsoft PhotoStudio 6.0.0.172 Unquoted Service Path Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-53946
19 Dec 2025 — Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions. • https://www.arcsoft.com • CWE-428: Unquoted Search Path or Element
CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2023-53945 – BrainyCP 1.0 Remote Code Execution via Authenticated Crontab Manipulation
https://notcve.org/view.php?id=CVE-2023-53945
19 Dec 2025 — BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. • https://www.vulncheck.com/advisories/brainycp-remote-code-execution-via-authenticated-crontab-manipulation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2025-14962 – code-projects Simple Stock System chatuser.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-14962
19 Dec 2025 — A flaw has been found in code-projects Simple Stock System 1.0. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-66580 – Dive has Cross-Site Scripting vulnerability that can escalate to Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-66580
19 Dec 2025 — The application allows the execution of arbitrary JavaScript via `javascript:`. An attacker can exploit this to inject a malicious Model Context Protocol (MCP) server configuration, leading to Remote Code Execution (RCE) on the victim's machine when the node is clicked. • https://github.com/OpenAgentPlatform/Dive/security/advisories/GHSA-xv8m-365j-x6h2 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS: 9.8 • EPSS: 47% • CPEs: 1 • EXPL: 3 • CVE-2025-34433 – AVideo < 20.1 Unauthenticated RCE via Predictable Installation Salt
https://notcve.org/view.php?id=CVE-2025-34433
19 Dec 2025 — AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid(). ... The recovered salt can then be used to encrypt a malicious payload supplied to a notification API endpoint that evaluates attacker-controlled input, resulting in arbitrary code execution as the web server user. • https://www.vulncheck.com/advisories/avideo-unauthenticated-rce-via-predictable-installation-salt • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-13329 – File Uploader for WooCommerce <= 1.0.3 - Unauthenticated Arbitrary File Upload via add-image-data
https://notcve.org/view.php?id=CVE-2025-13329
19 Dec 2025 — The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to upload arbitrary files to the Uploadcare service and subsequently download them on the affected site's server which may make remote code execution possible. • https://wordpress.org/plugins/file-uploader-for-woocommerce • CWE-434: Unrestricted Upload of File with Dangerous Type
CVSS: 4.8 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-14946 – Libnbd: libnbd: arbitrary code execution via ssh argument injection through a malicious uri
https://notcve.org/view.php?id=CVE-2025-14946
19 Dec 2025 — This could lead to arbitrary code execution with the privileges of the user running libnbd. • https://access.redhat.com/security/cve/CVE-2025-14946 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVSS: 10.0 • EPSS: 40% • CPEs: 4 • EXPL: 0 • CVE-2025-14733 – WatchGuard Firebox Out of Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-14733
19 Dec 2025 — An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. ... This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code and affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027 • CWE-787: Out-of-bounds Write
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-14490 – RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-14490
19 Dec 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-25-1166 • CWE-749: Exposed Dangerous Method or Function
