CVSS: 9.0EPSS: %CPEs: -EXPL: 0CVE-2025-22457
https://notcve.org/view.php?id=CVE-2025-22457
03 Apr 2025 — A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. • https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: %CPEs: 1EXPL: 1CVE-2025-3161 – Tenda AC10 ShutdownSetAdd stack-based overflow
https://notcve.org/view.php?id=CVE-2025-3161
03 Apr 2025 — A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/LxxxtSec/CVE/blob/main/CVE_1.md#vulnerability-proof-supplement-remote-code-execution-rce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 4.8EPSS: %CPEs: -EXPL: 0CVE-2025-3157 – Intelbras WRN 150 Wireless Menu cross site scripting
https://notcve.org/view.php?id=CVE-2025-3157
03 Apr 2025 — A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. It has been rated as problematic. This issue affects some unknown processing of the component Wireless Menu. The manipulation of the argument SSID leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?id.303101 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: %CPEs: 1EXPL: 0CVE-2025-2945 – pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
https://notcve.org/view.php?id=CVE-2025-2945
03 Apr 2025 — Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution. • https://github.com/pgadmin-org/pgadmin4/issues/8603 •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3152 – caipeichao ThinkOX Search search.html cross site scripting
https://notcve.org/view.php?id=CVE-2025-3152
03 Apr 2025 — A vulnerability classified as problematic has been found in caipeichao ThinkOX 1.0. This affects an unknown part of the file /ThinkOX-master/index.php?s=/Weibo/Index/search.html of the component Search. The manipulation of the argument keywords leads to cross site scripting. It is possible to initiate the attack remotely. • https://github.com/dtwin88/cve-md/blob/main/ThinkOX1.0/ThinkOX1.0.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 8EXPL: 1CVE-2025-3149 – itning Student Homework Management System Edit Job Page fileupload cross site scripting
https://notcve.org/view.php?id=CVE-2025-3149
03 Apr 2025 — A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shw_war/fileupload of the component Edit Job Page. The manipulation of the argument Course leads to cross site scripting. It is possible to launch the attack remotely. • https://gitee.com/nwtmd5/cve/issues/IBVLXL • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31477 – Improper Scope Validation in the open Endpoint of tauri-plugin-shell
https://notcve.org/view.php?id=CVE-2025-31477
02 Apr 2025 — Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. ... By passing untrusted user input to the open endpoint these potentially dangerous protocols can be abused to gain remote code execution on the system. This either requires direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application. • https://github.com/tauri-apps/plugins-workspace/commit/9cf0390a52497e273db1a1b613a0e26827aa327c • CWE-20: Improper Input Validation •
CVSS: 0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31286
https://notcve.org/view.php?id=CVE-2025-31286
02 Apr 2025 — An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0014
https://notcve.org/view.php?id=CVE-2025-0014
02 Apr 2025 — Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html • CWE-276: Incorrect Default Permissions •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31722
https://notcve.org/view.php?id=CVE-2025-31722
02 Apr 2025 — In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. • https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3505 • CWE-94: Improper Control of Generation of Code ('Code Injection') •