CVSS: 8.3 • EPSS: % • CPEs: - • EXPL: 0

24 Jul 2025 — This action may result in remote code execution that allows an attacker to run arbitrary commands on the target device at the administrator privilege level. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-04 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 5.9 • EPSS: % • CPEs: - • EXPL: 0

24 Jul 2025 — This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary Code Execution) vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. • https://jira.atlassian.com/browse/SRCTREE-8217

CVSS: 8.8 • EPSS: % • CPEs: 1 • EXPL: 0

24 Jul 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/dd129829-9682-4def-a07f-66f9178eeb77?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.8 • EPSS: % • CPEs: - • EXPL: 0

24 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. ... An attacker can leverage this vulnerability to execute code in the context of the current user.

CVSS: 7.8 • EPSS: % • CPEs: - • EXPL: 0

24 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. ... An attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 3

23 Jul 2025 — A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata GET parameter to the redirectWidgetCmd endpoint. Successful exploitation leads to execution of arbitrary PHP code in the context of the web server process. • https://www.vulncheck.com/advisories/kaltura-php-object-injection-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-502: Deserialization of Untrusted Data

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jul 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php), via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://www.wordfence.com/threat-intel/vulnerabilities/id/38c23f59-8332-49ab-a219-1f5fac8a283c?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jul 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/0dc5c05d-51b7-4aee-bb4e-366ded45c4d8?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jul 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/0bb11092-4367-4f51-9dd7-22fbd655a03f?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jul 2025 — As a result, a non-admin user could place arbitrary code in the configuration file. If an admin user starts the AWS Client VPN client installation process, that code could be executed with root-level privileges. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. ... An attacker can leverage this vulnerability to escalate privileges and e... • https://aws.amazon.com/security/security-bulletins/AWS-2025-014 • CWE-276: Incorrect Default Permissions