
CVE-2025-53415 – File Parsing Deserialization of Untrusted Data in DTM Soft
https://notcve.org/view.php?id=CVE-2025-53415
30 Jun 2025 — Delta Electronics DTM Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution • https://www.deltaww.com/en-US/Cybersecurity_Advisory • CWE-502: Deserialization of Untrusted Data •

CVE-2023-28905 – Heap buffer overflow in picserver
https://notcve.org/view.php?id=CVE-2023-28905
28 Jun 2025 — A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. The vulnerability was originally discovered in a Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-122: Heap-based Buffer Overflow •

CVE-2023-28909 – Integer Overflow Leading to MTU Bypass
https://notcve.org/view.php?id=CVE-2023-28909
28 Jun 2025 — Consequently, this can lead to a buffer overflow in upper layer profiles, which can be used to obtain remote code execution. The vulnerability was originally discovered in a Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-190: Integer Overflow or Wraparound •

CVE-2025-53098 – Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol
https://notcve.org/view.php?id=CVE-2025-53098
27 Jun 2025 — Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would have been possible for an attacker with access to craft a prompt to ask the agent to write a malicious command to the MCP configuration file. If the user had opted-in to auto-approving fil... • https://github.com/RooCodeInc/Roo-Code/commit/7d0b22f9e659dc6c26aab0bacbea27874986e772 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-5310 – Dover Fueling Solutions ProGauge MagLink LX Consoles Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2025-5310
27 Jun 2025 — Files can be created, deleted, or modified, potentially leading to remote code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-05 • CWE-306: Missing Authentication for Critical Function •

CVE-2025-6755 – Game Users Share Buttons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNameId Parameter
https://notcve.org/view.php?id=CVE-2025-6755
27 Jun 2025 — /wp-config.php) to the themeNameId parameter of the AJAX request, which can lead to remote code execution. • https://plugins.trac.wordpress.org/browser/game-users-share-buttons/tags/1.3.0/game-users-share-buttons.php#L638 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-6794 – Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6794
27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •

CVE-2025-6802 – Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6802
27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •

CVE-2025-6808 – Marvell QConvergeConsole readObjectFromConfigFile Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6808
27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •

CVE-2025-6809 – Marvell QConvergeConsole readNICParametersFromFile Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6809
27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •