
CVSS: 9.8 • EPSS: % • CPEs: - • EXPL: 0

14 Oct 2025 — ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3747693852734546826 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8 • EPSS: % • CPEs: - • EXPL: 0

13 Oct 2025 — Path traversal in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Oct 2025 — SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server. • https://www.twcert.org.tw/en/cp-139-10422-e06c3-2.html • CWE-912: Hidden Functionality •

CVSS: 9.0 • EPSS: 0% • CPEs: - • EXPL: 0

13 Oct 2025 — An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute arbitrary code on the user's machine. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9976 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Oct 2025 — An attacker can use this information to exploit known vulnerabilities and launch targeted attacks, such as remote code execution or denial of service. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124422 • CWE-209: Generation of Error Message Containing Sensitive Information • CWE-703: Improper Check or Handling of Exceptional Conditions •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Oct 2025 — This makes it possible for unauthenticated attackers to delete all files in an arbitrary directory on the server, which can lead to remote code execution, data loss, or site unavailability. • https://codecanyon.net/item/woocommerce-designer-pro-cmyk-card-flyer/22027731 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Oct 2025 — Happy DOM v19 and lower contains a security vulnerability that puts the owner's system at risk of RCE (Remote Code Execution) attacks. • https://github.com/capricorn86/happy-dom/commit/819d15ba289495439eda8be360d92a614ce22405 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.3 • EPSS: 0% • CPEs: - • EXPL: 0

10 Oct 2025 — Improper access control in Routines prior to version 4.8.7.1 in Android 15 and 4.9.6.0 in Android 16 allows local attackers to potentially execute arbitrary code with SystemUI privilege. • https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10 •

CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Oct 2025 — Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10 •

CVSS: 8.4 • EPSS: 0% • CPEs: - • EXPL: 0

10 Oct 2025 — A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. • https://jvn.jp/en/jp/JVN69099112 • CWE-428: Unquoted Search Path or Element •