
CVE-2025-53759 – Microsoft Excel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-53759
12 Aug 2025 — Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53759 • CWE-908: Use of Uninitialized Resource •

CVE-2025-53741 – Microsoft Excel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-53741
12 Aug 2025 — Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53741 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-53730 – Microsoft Office Visio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-53730
12 Aug 2025 — Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53730 • CWE-416: Use After Free •

CVE-2025-49563 – Illustrator | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2025-49563
12 Aug 2025 — Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/illustrator/apsb25-74.html • CWE-787: Out-of-bounds Write •

CVE-2025-49564 – Illustrator | Stack-based Buffer Overflow (CWE-121)
https://notcve.org/view.php?id=CVE-2025-49564
12 Aug 2025 — Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/illustrator/apsb25-74.html • CWE-121: Stack-based Buffer Overflow •

CVE-2025-55164 – content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE
https://notcve.org/view.php?id=CVE-2025-55164
12 Aug 2025 — content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier: if a policy name is called __proto__, one can override the Object prototype. This issue has been patched in version 0.6.0. A workaround involves disabling the prototype method in Node.js, neutralizing all possible prototype pollution attacks. Provide either --disable-proto=delete (recommended) or --disable-proto=throw as an argument to node to enable this fea... • https://github.com/helmetjs/content-security-policy-parser/security/advisories/GHSA-w2cq-g8g3-gm83 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2025-55010 – Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events
https://notcve.org/view.php?id=CVE-2025-55010
12 Aug 2025 — Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users to instantiate arbitrary PHP objects by modifying the event["data"] field in the project_activities table. A malicious actor can update this field to use a PHP gadget to write a web shell into the /plugins folder, which then gives remote code execution on the host system. • https://github.com/kanboard/kanboard/security/advisories/GHSA-359x-c69j-q64r • CWE-502: Deserialization of Untrusted Data •

CVE-2025-8297
https://notcve.org/view.php?id=CVE-2025-8297
12 Aug 2025 — Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-CVE-2025-8296-CVE-2025-8297?language=en_US • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-8296
https://notcve.org/view.php?id=CVE-2025-8296
12 Aug 2025 — SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-CVE-2025-8296-CVE-2025-8297?language=en_US • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-40759
https://notcve.org/view.php?id=CVE-2025-40759
12 Aug 2025 — This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. • https://cert-portal.siemens.com/productcert/html/ssa-493396.html • CWE-502: Deserialization of Untrusted Data •