CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1NotCVE-2023-0003 – RSA signature verification bypass via Arbitrary Code Execution in Sansa Connect bootloader
https://notcve.org/view.php?id=NotCVE-2023-0003
06 Dec 2023 — Attacker can supply image that combined with specific MPI length leads to Arbitrary Code Execution via overwritten return address on stack. • https://github.com/desowin/zsitool/blob/master/exploit.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0422 – Authenticated Remote Code Execution via ScriptVar
https://notcve.org/view.php?id=CVE-2025-0422
18 Feb 2025 — An authenticated user in the "bestinformed Web" application can execute commands on the underlying server running the application. (Remote Code Execution) For this, the user must be able to create "ScriptVars" with the type „script" and preview them by, for example, creating a new "Info". By default, admin users have those permissions, but with the granular permission system, those permissions may be assigned to other users. An attacker is able to execute commands on the server running the "bestinformed Web... • https://www.cordaware.com/changelog/en/version-6_4_0_4-release-13_02_2025.html • CWE-20: Improper Input Validation •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1392 – D-Link DIR-816 index.html cross site scripting
https://notcve.org/view.php?id=CVE-2025-1392
17 Feb 2025 — A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?ctiid.296023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13689 – Uncode Core <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias
https://notcve.org/view.php?id=CVE-2024-13689
17 Feb 2025 — The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13797 – PressMart - Modern Elementor WooCommerce WordPress Theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-13797
17 Feb 2025 — The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://themeforest.net/item/pressmart-modern-elementor-woocommerce-wordpress-theme/39241221 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-1360 – Internet Web Solutions Sublime CRM HTTP POST Request inicio.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1360
16 Feb 2025 — A vulnerability, which was classified as problematic, was found in Internet Web Solutions Sublime CRM up to 20250207. Affected is an unknown function of the file /crm/inicio.php of the component HTTP POST Request Handler. The manipulation of the argument msg_to leads to cross site scripting. It is possible to launch the attack remotely. Other parameters might be affected as well. • https://vuldb.com/?ctiid.295968 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1359 – SIAM Industria de Automação e Monitoramento qrcode.jsp cross site scripting
https://notcve.org/view.php?id=CVE-2025-1359
16 Feb 2025 — A vulnerability, which was classified as problematic, has been found in SIAM Industria de Automação e Monitoramento SIAM 2.0. This issue affects some unknown processing of the file /qrcode.jsp. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.295967 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1354 – Asus RT-N12E sysinfo.asp cross site scripting
https://notcve.org/view.php?id=CVE-2025-1354
16 Feb 2025 — A vulnerability was found in Asus RT-N12E 2.0.0.19. It has been classified as problematic. Affected is an unknown function of the file sysinfo.asp. The manipulation of the argument SSID leads to cross site scripting. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.295962 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1337 – Eastnets PaymentSafe BIC Search cross site scripting
https://notcve.org/view.php?id=CVE-2025-1337
16 Feb 2025 — A vulnerability was found in Eastnets PaymentSafe 2.5.26.0. It has been classified as problematic. This affects an unknown part of the component BIC Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. • https://drive.google.com/file/d/1uTRLoCnOGcXtSpoZO8xyPakhIO4MbCMk/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 1CVE-2025-1332 – FastCMS Template Menu menu cross site scripting
https://notcve.org/view.php?id=CVE-2025-1332
16 Feb 2025 — A vulnerability has been found in FastCMS up to 0.1.5 and classified as problematic. This vulnerability affects unknown code of the file /fastcms.html#/template/menu of the component Template Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/xjd2020/fastcms/issues/IBKJ1W • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •