CVSS: 7.1 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-66448 – vLLM vulnerable to remote code execution via transformers_utils/get_config
https://notcve.org/view.php?id=CVE-2025-66448
01 Dec 2025 — Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. ... In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. • https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-66401 – MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL
https://notcve.org/view.php?id=CVE-2025-66401
01 Dec 2025 — This allows an attacker to execute arbitrary commands on the host machine by appending shell metacharacters to the URL. • https://github.com/kapilduraphe/mcp-watch/commit/e7da78c5b4b960f8b66c254059ad9ebc544a91a6 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-66299 – Security Sandbox Bypass with SSTI (Server Side Template Injection) in the Grav CMS
https://notcve.org/view.php?id=CVE-2025-66299
01 Dec 2025 — Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. ... This allows an authenticated editor to add arbitrary functions to the Twig attribute system.twig.safe_filters, effectively bypassing the Grav CMS sandbox. • https://github.com/getgrav/grav/commit/e37259527d9c1deb6200f8967197a9fa587c6458 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 7.4 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-66297 – Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection
https://notcve.org/view.php?id=CVE-2025-66297
01 Dec 2025 — By injecting malicious Twig expressions, the user can escalate their privileges to admin or execute arbitrary system commands via the scheduler API. This results in both Privilege Escalation (PE) and Remote Code Execution (RCE) vulnerabilities. This vulnerability is fixed in 1.8.0-beta.27. • https://github.com/getgrav/grav/commit/e37259527d9c1deb6200f8967197a9fa587c6458 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 8.7 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-66294 – Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass
https://notcve.org/view.php?id=CVE-2025-66294
01 Dec 2025 — Prior to 1.8.0-beta.27, a Server-Side Template Injection (SSTI) vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain conditions, may also be exploited by unauthenticated attackers. • https://github.com/getgrav/grav/commit/e37259527d9c1deb6200f8967197a9fa587c6458 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 8.1 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-13516 – SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers <= 1.9.0 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-13516
01 Dec 2025 — This makes it possible for unauthenticated attackers to achieve Remote Code Execution by uploading malicious PHP files through any public form that emails attachments, calculating the predictable filename, and directly accessing the file to execute arbitrary code, provided the target site is running on an affected web server configuration. • https://cwe.mitre.org/data/definitions/434.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.6 • EPSS: % • CPEs: 2 • EXPL: 0 • CVE-2025-11772 – Co-Installer Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-11772
01 Dec 2025 — A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation. • https://www.synaptics.com/sites/default/files/2025-12/fingerprint-driver-co-installer-security-brief-2025-12-01.pdf • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.0 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-8351 – Scanning a malformed file in Avast Antivirus 8.3.70.94 on MacOS may result in remote code execution
https://notcve.org/view.php?id=CVE-2025-8351
01 Dec 2025 — Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Antivirus: from 8.3.70.94 before 8.3.70.98. • https://www.gendigital.com/us/en/contact-us/security-advisories • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.1 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-10101 – Crafted Mach-O file may allow Remote Code Execution in Avast Antivirus 15.7 on MacOS
https://notcve.org/view.php?id=CVE-2025-10101
01 Dec 2025 — Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection. This issue affects Antivirus: from 15.7 before 3.9.2025. • https://www.gendigital.com/us/en/contact-us/security-advisories • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-12529 – Cost Calculator Builder <= 3.6.3 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-12529
01 Dec 2025 — The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles() function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths into the orders that are removed, when an administrator deletes them. This can lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/3.6.1/includes/classes/CCBOrderController.php#L262 • CWE-73: External Control of File Name or Path •
