
CVE-2025-52471 – ESP-NOW Integer Underflow Vulnerability Advisory
https://notcve.org/view.php?id=CVE-2025-52471
24 Jun 2025 — On systems without a memory protection scheme, this behavior could potentially be used to achieve remote code execution (RCE) on the target device. • https://github.com/espressif/esp-idf/commit/b1a379d57430d265a53aca13d59ddfbf2e7ac409 • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVE-2025-2566 – Deserialization of Untrusted Data in Kaleris Navis N4
https://notcve.org/view.php?id=CVE-2025-2566
24 Jun 2025 — An unauthenticated attacker can make specially crafted requests to execute arbitrary code on the server. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-01 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-36537 – Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management
https://notcve.org/view.php?id=CVE-2025-36537
24 Jun 2025 — Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior to version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges by leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management. ... An attacker must first obtain the ability to execute low-privileged code on the target ... • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1002 • CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-34040 – Zhiyuan OA System Path Traversal File Upload
https://notcve.org/view.php?id=CVE-2025-34040
24 Jun 2025 — Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server. • https://service.seeyon.com/patchtools/tp.html#/patchList?type=%E5%AE%89%E5%85%A8%E8%A1%A5%E4%B8%81&id=1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-34036 – Shenzhen TVT CCTV-DVR Command Injection
https://notcve.org/view.php?id=CVE-2025-34036
24 Jun 2025 — This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root. • https://web.archive.org/web/20160322204109/http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-37743
https://notcve.org/view.php?id=CVE-2024-37743
24 Jun 2025 — An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component. • https://github.com/mmz-001/knowledge_gpt/blob/main/knowledge_gpt/main.py • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-49448 – WordPress FW Food Menu plugin <= 6.0.0 - Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2025-49448
24 Jun 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/wordpress/plugin/fw-food-menu/vulnerability/wordpress-fw-food-menu-6-0-0-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-52562 – Convoy Panel Directory Traversal in LocaleController leading to Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-52562
23 Jun 2025 — An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious locale and namespace parameters. • https://github.com/ConvoyPanel/panel/commit/f8d6202f3e4912b65dbd9f80ba625576944ab36c • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-2172
https://notcve.org/view.php?id=CVE-2025-2172
23 Jun 2025 — Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames. • https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controller • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-2171
https://notcve.org/view.php?id=CVE-2025-2171
23 Jun 2025 — Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute-force the 6-digit password reset PIN. • https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controller • CWE-307: Improper Restriction of Excessive Authentication Attempts •