CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-66078 – WordPress Hotel Booking Lite plugin <= 5.2.3 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-66078
18 Dec 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through <= 5.2.3. • https://vdp.patchstack.com/database/Wordpress/Plugin/motopress-hotel-booking-lite/vulnerability/wordpress-hotel-booking-lite-plugin-5-2-3-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0CVE-2025-64225 – WordPress Stockie Extra plugin <= 1.2.11 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-64225
18 Dec 2025 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through <= 1.2.11. • https://vdp.patchstack.com/database/Wordpress/Plugin/stockie-extra/vulnerability/wordpress-stockie-extra-plugin-1-2-11-content-injection-vulnerability?_s_id=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-60070 – WordPress Molla - Multipurpose Responsive Shopify theme <= 1.5.13 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2025-60070
18 Dec 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through <= 1.5.13. • https://vdp.patchstack.com/database/Wordpress/Theme/molla/vulnerability/wordpress-molla-multipurpose-responsive-shopify-theme-1-5-13-arbitrary-code-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-60068 – WordPress Javo Core plugin <= 3.0.0.266 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2025-60068
18 Dec 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through <= 3.0.0.266. • https://vdp.patchstack.com/database/Wordpress/Plugin/javo-core/vulnerability/wordpress-javo-core-plugin-3-0-0-266-arbitrary-code-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2025-14856 – y_project RuoYi getnames code injection
https://notcve.org/view.php?id=CVE-2025-14856
18 Dec 2025 — Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. • https://github.com/ltranquility/CVE/issues/26 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-14920 – Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-14920
18 Dec 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. ... An attacker can leverage this vulnerability to execute code in the context of the current user. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-14921 – Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-14921
18 Dec 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. ... An attacker can leverage this vulnerability to execute code in the context of the current user. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-14922 – Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-14922
18 Dec 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Diffusers. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-14924 – Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-14924
18 Dec 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-14925 – Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-14925
18 Dec 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Accelerate. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •