CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-53415 – File Parsing Deserialization of Untrusted Data in DTM Soft
https://notcve.org/view.php?id=CVE-2025-53415
30 Jun 2025 — Delta Electronics DTM Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution Delta Electronics DTM Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution • https://www.deltaww.com/en-US/Cybersecurity_Advisory • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-40734 – Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager
https://notcve.org/view.php?id=CVE-2025-40734
30 Jun 2025 — This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirm_password parameters in /register.php. ... This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirm_password parameters in /register.php. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-daily-expense-manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-40733 – Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager
https://notcve.org/view.php?id=CVE-2025-40733
30 Jun 2025 — This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php. ... This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-daily-expense-manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-26074
https://notcve.org/view.php?id=CVE-2025-26074
30 Jun 2025 — Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes. • https://medium.com/@mrcnry/cve-2025-26074-remote-code-execution-in-conductor-oss-via-inline-javascript-injection-5ce3cb651cfb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-45931
https://notcve.org/view.php?id=CVE-2025-45931
30 Jun 2025 — An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file • http://d-link.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28905 – Heap buffer overflow in picserver
https://notcve.org/view.php?id=CVE-2023-28905
28 Jun 2025 — A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. ... A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28909 – Integer Overflow Leading to MTU Bypass
https://notcve.org/view.php?id=CVE-2023-28909
28 Jun 2025 — Consequently, this can lead to a buffer overflow in upper layer profiles, which can be used to obtain remote code execution. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. ... Consequently, this can lead to a buffer overflow in upper layer profiles, which can be used to obtain remote code execution. • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53098 – Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol
https://notcve.org/view.php?id=CVE-2025-53098
27 Jun 2025 — Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within the VS Code workspace. • https://github.com/RooCodeInc/Roo-Code/commit/7d0b22f9e659dc6c26aab0bacbea27874986e772 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2025-5310 – Dover Fueling Solutions ProGauge MagLink LX Consoles Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2025-5310
27 Jun 2025 — Files can be created, deleted, or modified, potentially leading to remote code execution. ... Files can be created, deleted, or modified, potentially leading to remote code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-05 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6755 – Game Users Share Buttons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNameId Parameter
https://notcve.org/view.php?id=CVE-2025-6755
27 Jun 2025 — /wp-config.php) to the themeNameId parameter of the AJAX request, which can lead to remote code execution. • https://plugins.trac.wordpress.org/browser/game-users-share-buttons/tags/1.3.0/game-users-share-buttons.php#L638 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •