
CVE-2025-49670 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49670
08 Jul 2025 — Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49670 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-49657 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49657
08 Jul 2025 — Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49657 • CWE-122: Heap-based Buffer Overflow • CWE-125: Out-of-bounds Read •

CVE-2025-48824 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-48824
08 Jul 2025 — Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48824 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-6771 – OS command injection in Ivanti Endpoint Manager
https://notcve.org/view.php?id=CVE-2025-6771
08 Jul 2025 — OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before versions 12.5.0.2, 12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2025-6770-CVE-2025-6771?language=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-6770 – OS command injection in Ivanti Endpoint Manager
https://notcve.org/view.php?id=CVE-2025-6770
08 Jul 2025 — OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2025-6770-CVE-2025-6771?language=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-53372 – node-code-sandbox-mcp has a Sandbox Escape via Command Injection
https://notcve.org/view.php?id=CVE-2025-53372
08 Jul 2025 — node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. ... Successful exploitation can lead to remote code execution under the server process's privileges on the host machine, bypassing the sandbox protection of running code inside Docker. • https://github.com/alfonsograziano/node-code-sandbox-mcp/commit/e461a74ecb189b268daac0d972c467b49b2abdd2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-4828 – Support Board <= 3.8.0 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-4828
08 Jul 2025 — This makes it possible for attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://codecanyon.net/item/support-board-help-desk-and-chat/20359943 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-40735
https://notcve.org/view.php?id=CVE-2025-40735
08 Jul 2025 — The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. • https://cert-portal.siemens.com/productcert/html/ssa-078892.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-25270 – Remote Code Execution via Unauthenticated Configuration Manipulation
https://notcve.org/view.php?id=CVE-2025-25270
08 Jul 2025 — An unauthenticated remote attacker can alter the device configuration in a way that yields remote code execution as root with specific configurations. • https://certvde.com/de/advisories/VDE-2025-019 • CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVE-2025-42967 – Code Injection vulnerability in SAP S/4HANA and SAP SCM (Characteristic Propagation)
https://notcve.org/view.php?id=CVE-2025-42967
08 Jul 2025 — SAP S/4HANA and SAP SCM Characteristic Propagation has a remote code execution vulnerability. This allows an attacker with high privileges to create a new report with their own code, potentially gaining full control of the affected SAP system and causing high impact on confidentiality, integrity, and availability of the application. • https://me.sap.com/notes/3618955 • CWE-94: Improper Control of Generation of Code ('Code Injection') •