CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2020-18243
https://notcve.org/view.php?id=CVE-2020-18243
15 Apr 2025 — SQL injection vulnerability found in Enricozab CMS v.1.0 allows a remote attacker to execute arbitrary code via /hdo/hdo-view-case.php. • https://github.com/enricozab/CMS/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 1CVE-2024-36842
https://notcve.org/view.php?id=CVE-2024-36842
15 Apr 2025 — An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to execute arbitrary code via the ADB port component. • https://github.com/abbiy/CVE-2024-36842-Backdooring-Oncord-Android-Sterio- • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26996 – WordPress Sign-up Sheets plugin <= 2.3.0.1 - Shortcode Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-26996
15 Apr 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up Sheets allows Code Injection. This issue affects Sign-up Sheets: from n/a through 2.3.0.1. The The Sign-up Sheets plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.3.0.1. ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://patchstack.com/database/wordpress/plugin/sign-up-sheets/vulnerability/wordpress-sign-up-sheets-plugin-2-3-0-1-shortcode-injection-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-28100
https://notcve.org/view.php?id=CVE-2025-28100
15 Apr 2025 — A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a attacker to execute arbitrary code via not filtering the content correctly at the "operateOrder.php" id parameter. • https://github.com/gh3-dk/vul/blob/main/sql%20injection/dingfanzu/dingfanzu-CMS%20operateOrder.php%20id%20SQL-inject.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-29213
https://notcve.org/view.php?id=CVE-2025-29213
15 Apr 2025 — A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file. • https://github.com/wy876/cve/issues/7 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-29281
https://notcve.org/view.php?id=CVE-2025-29281
15 Apr 2025 — In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them. • https://github.com/Cray0nLee/CVE/issues/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 1%CPEs: -EXPL: 1CVE-2025-29471 – Nagios Log Server 2024R1.3.1 - Stored XSS
https://notcve.org/view.php?id=CVE-2025-29471
15 Apr 2025 — Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field. • https://www.exploit-db.com/exploits/52117 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32596 – WordPress Real Estate Manager plugin <= 7.3 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2025-32596
15 Apr 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager allows Code Injection. This issue affects Real Estate Manager: from n/a through 7.3. The Real Estate Manager – Property Listing and Agent Management plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.3. This makes it possible for unauthenticated attackers to execute code on the... • https://patchstack.com/database/wordpress/plugin/real-estate-manager/vulnerability/wordpress-real-estate-manager-plugin-7-3-arbitrary-code-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32682 – WordPress MapSVG Lite plugin <= 8.5.34 - Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-32682
15 Apr 2025 — The MapSVG – Vector maps, Image maps, Google Maps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 8.5.34. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/mapsvg-lite-interactive-vector-maps/vulnerability/wordpress-mapsvg-lite-plugin-8-5-32-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-33026
https://notcve.org/view.php?id=CVE-2025-33026
15 Apr 2025 — An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. • https://github.com/EnisAksu/Argonis/blob/main/CVEs/CVE-2025-33026%20%28PeaZip%29/CVE-2025-33026.md • CWE-830: Inclusion of Web Functionality from an Untrusted Source •