
CVE-2025-6230
https://notcve.org/view.php?id=CVE-2025-6230
17 Jul 2025 — A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute code with elevated permissions. • https://support.lenovo.com/us/en/product_security/LEN-196648 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2025-3753 – Unsafe use of eval() method in rosbag tool
https://notcve.org/view.php?id=CVE-2025-3753
17 Jul 2025 — A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. ... This flaw enables attackers to craft and execute arbitrary Python code. • https://www.ros.org/blog/noetic-eol • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CVE-2024-41921 – Unsafe use of eval() method in rostopic echo tool
https://notcve.org/view.php?id=CVE-2024-41921
17 Jul 2025 — A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. ... This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. • https://www.ros.org/blog/noetic-eol • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CVE-2024-41148 – Unsafe use of eval() method in rostopic hz tool
https://notcve.org/view.php?id=CVE-2024-41148
17 Jul 2025 — A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. ... This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. • https://www.ros.org/blog/noetic-eol • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CVE-2024-39835 – Unsafe use of eval() method in roslaunch tool
https://notcve.org/view.php?id=CVE-2024-39835
17 Jul 2025 — A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. ... This flaw allows attackers to craft and execute arbitrary Python code. • https://www.ros.org/blog/noetic-eol • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CVE-2024-39289 – Unsafe use of eval() method in rosparam tool
https://notcve.org/view.php?id=CVE-2024-39289
17 Jul 2025 — A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. ... This flaw allowed attackers to craft and execute arbitrary Python code. • https://www.ros.org/blog/noetic-eol • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CVE-2025-23266 – NVIDIA Container Toolkit Environment Variable Handling Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-23266
17 Jul 2025 — NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of hooks. ... An attacker can leverage this vulnerability to escalate privileges and execute a... • https://github.com/jpts/cve-2025-23266-poc • CWE-426: Untrusted Search Path

CVE-2025-7643 – Attachment Manager <= 2.1.2 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-7643
17 Jul 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://wordpress.org/plugins/attachment-manager • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-53928 – MaxKB has RCE in MCP call
https://notcve.org/view.php?id=CVE-2025-53928
17 Jul 2025 — MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue. • https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-53909 – mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template
https://notcve.org/view.php?id=CVE-2025-53909
17 Jul 2025 — The template rendering engine allows template expressions that may be abused to execute code in certain contexts. • https://github.com/mailcow/mailcow-dockerized/commit/8c5f6c03214a4b2bdbf3c78932f860eee949012b • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine