CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2025-7042 – Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
https://notcve.org/view.php?id=CVE-2025-7042
15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-7042 • CWE-416: Use After Free •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2025-6974 – Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
https://notcve.org/view.php?id=CVE-2025-6974
15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6974 • CWE-457: Use of Uninitialized Variable •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2025-6973 – Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
https://notcve.org/view.php?id=CVE-2025-6973
15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6973 • CWE-416: Use After Free •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2025-6972 – Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
https://notcve.org/view.php?id=CVE-2025-6972
15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6972 • CWE-416: Use After Free •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2025-6971 – Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
https://notcve.org/view.php?id=CVE-2025-6971
15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6971 • CWE-416: Use After Free •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2025-0831 – Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
https://notcve.org/view.php?id=CVE-2025-0831
15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-0831 • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: %CPEs: 1EXPL: 2CVE-2025-34111 – Tiki Wiki <= 15.1 ELFinder Unauthenticated File Upload RCE
https://notcve.org/view.php?id=CVE-2025-34111
15 Jul 2025 — An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. The vulnerable component does not enforce file type validation, allowing attackers to craft a POST request to upload executable PHP payloads through the ELFinder interface exposed at /vendor_extra/elfinder/. • https://www.vulncheck.com/advisories/tiki-wiki-el-finder-unauthenticated-file-upload-rce • CWE-20: Improper Input Validation CWE-306: Missing Authentication for Critical Function CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.7EPSS: %CPEs: 4EXPL: 2CVE-2025-34113 – Tiki Wiki CMS Authenticated Command Injection in Calendar Module
https://notcve.org/view.php?id=CVE-2025-34113
15 Jul 2025 — Successful exploitation leads to remote code execution in the context of the web server user. • https://www.acunetix.com/vulnerabilities/web/tiki-wiki-cms-remote-code-execution-via-calendar-module • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-306: Missing Authentication for Critical Function •
CVSS: 9.3EPSS: %CPEs: 1EXPL: 1CVE-2025-34068 – Samsung WLAN AP WEA453e < 5.2.4.T1 Unauthenticated RCE via command1 and command2 Parameters
https://notcve.org/view.php?id=CVE-2025-34068
15 Jul 2025 — An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are executed with root privileges on the underlying operating system. An attacker can exploit this by crafting a request that injects shell commands to create output files in writable directories and then access their con... • https://s4e.io/tools/samsung-wlan-ap-remote-code-execution • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: %CPEs: 2EXPL: 2CVE-2025-34112 – Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 RCE
https://notcve.org/view.php?id=CVE-2025-34112
15 Jul 2025 — An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. • https://www.vulncheck.com/advisories/riverbed-steel-central-net-profiler-net-express-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-266: Incorrect Privilege Assignment CWE-306: Missing Authentication for Critical Function •