CVSS: 6.3EPSS: %CPEs: 1EXPL: 0CVE-2025-8905 – Inpersttion For Theme <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call
https://notcve.org/view.php?id=CVE-2025-8905
14 Aug 2025 — The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode() function. ... This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server which is limited to arbitrary functions without any user supplied parameters. • https://www.wordfence.com/threat-intel/vulnerabilities/id/cd4dc8ab-792b-41ff-a7b9-77a11c02d91b?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 0CVE-2025-7778 – Icons Factory <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() Function
https://notcve.org/view.php?id=CVE-2025-7778
14 Aug 2025 — The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files() function in all versions up to, and including, 1.6.12. This makes it possible for unauthenticated attackers to to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://www.wordfence.com/threat-intel/vulnerabilities/id/24f31bbf-883f-4903-847a-7bfc3e45654c?source=cve • CWE-285: Improper Authorization •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 0CVE-2025-6679 – Contact Form by Bit Form - Bit Form <= 2.20.3 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-6679
14 Aug 2025 — The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/6e2e294f-904b-4674-8baf-d3a9a260d634?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: %CPEs: 2EXPL: 0CVE-2025-20265 – Cisco Secure Firewall Management Center Software Radius Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-20265
14 Aug 2025 — A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.... A successful exploit could allow the attacker to execute commands at a high privilege level. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79 •
CVSS: 6.4EPSS: %CPEs: 94EXPL: 0CVE-2025-20235 – Cisco Secure Firewall Management Center Software Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20235
14 Aug 2025 — A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-JtNmcusP •
CVSS: 9.8EPSS: %CPEs: 5EXPL: 0CVE-2025-7353 – Rockwell Automation ControlLogix® Ethernet Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7353
14 Aug 2025 — A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1732.html • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 10.0EPSS: %CPEs: 4EXPL: 0CVE-2025-8714 – PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client
https://notcve.org/view.php?id=CVE-2025-8714
14 Aug 2025 — Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. • https://www.postgresql.org/support/security/CVE-2025-8714 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-8943 – Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers
https://notcve.org/view.php?id=CVE-2025-8943
14 Aug 2025 — The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. ... This combination allows unauthenticated network attackers to execute unsandboxed OS commands. • https://research.jfrog.com/vulnerabilities/flowise-os-command-remote-code-execution-jfsa-2025-001380578 •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-55346 – Unintended dynamic code execution leads to remote code execution by network attackers
https://notcve.org/view.php?id=CVE-2025-55346
14 Aug 2025 — User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request. • https://research.jfrog.com/vulnerabilities/flowise-js-injection-remote-code-exection-jfsa-2025-001379925 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-50515
https://notcve.org/view.php?id=CVE-2025-50515
14 Aug 2025 — An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded. • https://www.yuque.com/lcc316/df0kgm/bfzpfvb6yaat45nt •