
CVE-2025-23172
https://notcve.org/view.php?id=CVE-2025-23172
18 Jun 2025 — This can be leveraged to execute commands on behalf of the versa user, who has sudo privileges, potentially leading to privilege escalation or remote code execution. • https://security-portal.versa-networks.com/emailbulletins/68526e7bdc94d6b9f2faf71b • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2025-23173
https://notcve.org/view.php?id=CVE-2025-23173
18 Jun 2025 — This exposure introduces significant risk, as websockify has known weaknesses that can be exploited, potentially leading to remote code execution. • https://security-portal.versa-networks.com/emailbulletins/68526ee0dc94d6b9f2faf71c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-23121
https://notcve.org/view.php?id=CVE-2025-23121
18 Jun 2025 — A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user • https://www.veeam.com/kb4743 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-20234 – ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-20234
18 Jun 2025 — A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Clam AntiVirus. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. • https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html • CWE-125: Out-of-bounds Read •

CVE-2025-20260 – ClamAV PDF Scanning Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-20260
18 Jun 2025 — A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. ... Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process. • https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html • CWE-122: Heap-based Buffer Overflow •

CVE-2025-6217 – PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-6217
18 Jun 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel.

CVE-2025-26199
https://notcve.org/view.php?id=CVE-2025-26199
18 Jun 2025 — An issue in CloudClassroom PHP Project v.1.0 allows a remote attacker to execute arbitrary code via the cleartext submission of passwords. ... A remote attacker with access to the same network (e.g., public Wi-Fi or compromised router) can capture login credentials via Man-in-the-Middle (MitM) techniques. If the attacker subsequently uses the credentials to log in and exploit administrative functions (e.g., file upload), this may lead to remote code execut... • https://github.com/tansique-17/CVE-2025-26199 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2025-46157
https://notcve.org/view.php?id=CVE-2025-46157
18 Jun 2025 — An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form • https://github.com/morphine009/CVE-2025-46157 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-6220 – Ultimate Addons for Contact Form 7 <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via 'save_options'
https://notcve.org/view.php?id=CVE-2025-6220
17 Jun 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/d0n601/CVE-2025-6220 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-6086 – CSV Me <= 2.0 - Authenticated (Administrator+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-6086
17 Jun 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/csv-me/trunk/csv_me_index.php#L49 • CWE-434: Unrestricted Upload of File with Dangerous Type •