CVSS: 7.2EPSS: %CPEs: 1EXPL: 0CVE-2025-5322 – VikRentCar Car Rental Management System <= 1.4.3 - Authenticated (Administrator+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-5322
03 Jul 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: %CPEs: 1EXPL: 0CVE-2025-5961 – Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-5961
03 Jul 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: %CPEs: 1EXPL: 2CVE-2025-34079 – NSClient++ Authenticated Remote Code Execution via ExternalScripts API
https://notcve.org/view.php?id=CVE-2025-34079
02 Jul 2025 — An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/nscp_authenticated_rce.rb • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-306: Missing Authentication for Critical Function •
CVSS: 9.4EPSS: %CPEs: 1EXPL: 1CVE-2025-34074 – Lucee Admin Interface Authenticated Remote Code Execution via Scheduled Job File Write
https://notcve.org/view.php?id=CVE-2025-34074
02 Jul 2025 — An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. ... Because Lucee does not enforce integrity checks, path restrictions, or execution controls for scheduled task fetches, this feature can be abused to achieve arbitrary code execution. • https://vulncheck.com/advisories/lucee-admin-interface-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 10.0EPSS: %CPEs: 1EXPL: 0CVE-2025-49713 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49713
02 Jul 2025 — Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49713 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 4.8EPSS: %CPEs: 1EXPL: 0CVE-2025-20307 – Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20307
02 Jul 2025 — An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-O696ymRA •
CVSS: 6.4EPSS: %CPEs: 5EXPL: 0CVE-2025-20310 – Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20310
02 Jul 2025 — A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc •
CVSS: 10.0EPSS: %CPEs: 1EXPL: 2CVE-2025-34073 – stamparm/maltrail <=0.54 Remote Command Execution
https://notcve.org/view.php?id=CVE-2025-34073
02 Jul 2025 — A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. • https://vulncheck.com/advisories/stamparm-maltrail-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 1CVE-2025-34071 – GFI Kerio Control Unsigned System Image Upload Root Code Execution
https://notcve.org/view.php?id=CVE-2025-34071
02 Jul 2025 — A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. • https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: %CPEs: 1EXPL: 1CVE-2025-34070 – GFI Kerio Control GFIAgent Missing Authentication on Administrative Interfaces
https://notcve.org/view.php?id=CVE-2025-34070
02 Jul 2025 — A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper authentication. The /proxy handler on port 7996 allows arbitrary forwarding to administrative endpoints when provided with an Appliance UUID, which itself can be retrieved from port 7995. This results in a complete ... • https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce • CWE-306: Missing Authentication for Critical Function •