CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-36038 – IBM WebSphere Application Server code execution
https://notcve.org/view.php?id=CVE-2025-36038
25 Jun 2025 — IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. • https://www.ibm.com/support/pages/node/7237967 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52483 – Registrator.jl Vulnerable to Argument Injection and Command Injection
https://notcve.org/view.php?id=CVE-2025-52483
25 Jun 2025 — Alternatively, an argument injection is possible in the `gettreesha `function. either of these can then lead to a potential RCE. Users should upgrade immediately to v1.9.5 to receive a fix. • https://github.com/JuliaRegistries/Registrator.jl/pull/448 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52480 – Registrator.jl Argument Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-52480
25 Jun 2025 — This can then lead to a potential remote code execution. • https://github.com/JuliaRegistries/Registrator.jl/pull/449 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49153 – MICROSENS NMP Web+ Path Traversal
https://notcve.org/view.php?id=CVE-2025-49153
25 Jun 2025 — MICROSENS NMP Web+ could allow an unauthenticated attacker to overwrite files and execute arbitrary code. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-07 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20282 – Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-20282
25 Jun 2025 — A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. ... A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2025-20281 – Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-20281
25 Jun 2025 — A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. • https://github.com/abrewer251/CVE-2025-20281-2-Citrix-ISE-RCE • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6613 – PHPGurukul Hospital Management System manage-patient.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-6613
25 Jun 2025 — A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Vanshdhawan188/Stored-XSS-Hospital-Management/blob/main/Stored-XSS-Hospital-Management.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6659 – PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6659
25 Jun 2025 — PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacke... • https://www.pdf-xchange.com/support/security-bulletins.html • CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6649 – PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-6649
25 Jun 2025 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.pdf-xchange.com/support/security-bulletins.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6651 – PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6651
25 Jun 2025 — PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacke... • https://www.pdf-xchange.com/support/security-bulletins.html • CWE-787: Out-of-bounds Write •