
CVE-2025-7620 – DSIC|Cross-browser Components for Official Document Creation - Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-7620
14 Jul 2025 — The cross-browser document creation component developed by Digitware System Integration Corporation has a Remote Code Execution vulnerability. If a user visits a malicious website while the component is active, remote attackers can cause the system to download and execute arbitrary programs. • https://www.twcert.org.tw/en/cp-139-10242-5ab42-2.html • CWE-494: Download of Code Without Integrity Check •

CVE-2025-1384 – Least Privilege Violation Vulnerability in the communications functions of NJ/NX-series Machine Automation Controllers
https://notcve.org/view.php?id=CVE-2025-1384
13 Jul 2025 — An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the controller products. • https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2025-004_en.pdf • CWE-272: Least Privilege Violation •

CVE-2025-7503
https://notcve.org/view.php?id=CVE-2025-7503
11 Jul 2025 — This vulnerability allows for remote code execution and privilege escalation. • https://github.com/AounShAh/Research-on-v380-cctv-ip-camera • CWE-798: Use of Hard-coded Credentials •

CVE-2025-6423 – BeeTeam368 Extensions <= 2.3.5 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-6423
11 Jul 2025 — This makes it possible for authenticated attackers with Subscriber-level access or higher to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/96170b82-6ed9-4a52-8592-944163cdd3cf?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-30023
https://notcve.org/view.php?id=CVE-2025-30023
11 Jul 2025 — The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. • https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf • CWE-502: Deserialization of Untrusted Data •

CVE-2025-7504 – Friends 3.5.1 - Authenticated (Subscriber+) PHP Object Injection
https://notcve.org/view.php?id=CVE-2025-7504
11 Jul 2025 — If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. • https://drive.google.com/file/d/1K-_AcDk9BhUa0kSQ_M-UUnLgmnYJTA0l/view • CWE-502: Deserialization of Untrusted Data •

CVE-2025-6057 – WPBookit <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-6057
11 Jul 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/wpbookit/trunk/core/admin/classes/controllers/class.wpb-profile-controller.php#L85 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-25257 – FortiWeb SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-25257
https://packetstorm.news/files/id/206268 •

CVE-2025-2790 – G DATA Total Security GDTunerSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2790
11 Jul 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the GDTunerSvc service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •

CVE-2025-6058 – WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-6058
11 Jul 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/Nxploited/CVE-2025-6058 • CWE-434: Unrestricted Upload of File with Dangerous Type •