CVSS: 4.8 | EPSS: % | CPEs: 1 | EXPL: 1
CVE-2025-14991 – Campcodes Complete Online Beauty Parlor Management System bwdates-reports-details.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-14991
21 Dec 2025 — A weakness has been identified in Campcodes Complete Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/bwdates-reports-details.php. Executing manipulation of the argument fromdate can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. • https://github.com/funnnxxx/my-cve/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 3.3 | EPSS: % | CPEs: 1 | EXPL: 2
CVE-2025-12654 – Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.120 - Authenticated (Admin+) Arbitrary Directory Creation
https://notcve.org/view.php?id=CVE-2025-12654
20 Dec 2025 — The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. ... This makes it possible for authenticated attackers, with Administrator-level access and above, to create arbitrary directories. • https://github.com/Yuweixn/Anydesk-Exploit-CVE-2025-12654-RCE-Builder • CWE-73: External Control of File Name or Path •
CVSS: 9.9 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2025-68613 – n8n Vulnerable to Remote Code Execution via Expression Injection
https://notcve.org/view.php?id=CVE-2025-68613
19 Dec 2025 — Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arb... • https://github.com/n8n-io/n8n/commit/08f332015153decdda3c37ad4fcb9f7ba13a7c79 • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1
CVE-2023-53959 – FileZilla Client 3.63.1 DLL Hijacking via Missing TextShaping.dll
https://notcve.org/view.php?id=CVE-2023-53959
19 Dec 2025 — FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches. • https://www.vulncheck.com/advisories/filezilla-client-dll-hijacking-via-missing-textshapingdll • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.0 | EPSS: 0% | CPEs: - | EXPL: 1
CVE-2023-53956 – Flatnux 2021-03.25 Authenticated File Upload Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-53956
19 Dec 2025 — Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server. • https://www.vulncheck.com/advisories/flatnux-authenticated-file-upload-remote-code-execution • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 1
CVE-2023-53952 – Dotclear 2.25.3 Authenticated Remote Code Execution via File Upload
https://notcve.org/view.php?id=CVE-2023-53952
19 Dec 2025 — Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed, enabling arbitrary code execution on the server. • https://www.vulncheck.com/advisories/dotclear-authenticated-remote-code-execution-via-file-upload • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1
CVE-2023-53948 – Lilac-Reloaded for Nagios 2.0.8 Remote Code Execution via Autodiscovery
https://notcve.org/view.php?id=CVE-2023-53948
19 Dec 2025 — Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. • https://www.vulncheck.com/advisories/lilac-reloaded-for-nagios-remote-code-execution-via-autodiscovery • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.5 | EPSS: 0% | CPEs: 1 | EXPL: 1
CVE-2023-53946 – Arcsoft PhotoStudio 6.0.0.172 Unquoted Service Path Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-53946
19 Dec 2025 — Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions. • https://www.arcsoft.com • CWE-428: Unquoted Search Path or Element •
CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 1
CVE-2023-53945 – BrainyCP 1.0 Remote Code Execution via Authenticated Crontab Manipulation
https://notcve.org/view.php?id=CVE-2023-53945
19 Dec 2025 — BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. • https://www.vulncheck.com/advisories/brainycp-remote-code-execution-via-authenticated-crontab-manipulation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 1
CVE-2025-14962 – code-projects Simple Stock System chatuser.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-14962
19 Dec 2025 — A flaw has been found in code-projects Simple Stock System 1.0. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •
