
CVE-2025-33027
https://notcve.org/view.php?id=CVE-2025-33027
15 Apr 2025 — An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. • https://en.bandisoft.com/bandizip • CWE-830: Inclusion of Web Functionality from an Untrusted Source •

CVE-2025-33028
https://notcve.org/view.php?id=CVE-2025-33028
15 Apr 2025 — An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. • https://github.com/EnisAksu/Argonis/blob/main/CVEs/CVE-2025-33028%20%28WinZip%29/CVE-2025-33028.md • CWE-830: Inclusion of Web Functionality from an Untrusted Source •

CVE-2025-24797 – Meshtastic incorrectly handles malformed packets, leading to controlled buffer overflow
https://notcve.org/view.php?id=CVE-2025-24797
14 Apr 2025 — A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. • https://packetstorm.news/files/id/190552 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-122: Heap-based Buffer Overflow •

CVE-2025-3592 – ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-3592
14 Apr 2025 — A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. ... A vulnerability was identified in ZHENFENG13/code-projects My-Blog-layui 1.0. • https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/My-Blog-layui-xss-2.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3591 – ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-3591
14 Apr 2025 — A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. ... A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. • https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/My-Blog-layui-xss-1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-1782 – Unsanitized input in language form field
https://notcve.org/view.php?id=CVE-2025-1782
14 Apr 2025 — In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. • https://www.ifax.com/security/CVE-2025-1782.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3277
https://notcve.org/view.php?id=CVE-2025-3277
14 Apr 2025 — This can result in arbitrary code execution. • https://sqlite.org/src/info/498e3f1cf57f164f • CWE-122: Heap-based Buffer Overflow •

CVE-2025-3570 – JamesZBL/code-projects db-hospital-drug ContentController.java save cross site scripting
https://notcve.org/view.php?id=CVE-2025-3570
14 Apr 2025 — A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0. ... A vulnerability was identified in JamesZBL/code-projects db-hospital-drug 1.0. • https://vuldb.com/?id.304611 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3568 – Webkul Krayin CRM SVG File edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-3568
14 Apr 2025 — A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1LMzZyCgloWquJRWzJAV2bpWMTuiMs6Xa/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3563 – WuzhiCMS Setting index.php set code injection
https://notcve.org/view.php?id=CVE-2025-3563
14 Apr 2025 — The manipulation of the argument Setting leads to code injection. The attack may be launched remotely. ... By manipulating the argument Setting with unknown data, a code injection vulnerability can be exploited. • https://vuldb.com/?id.304604 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'); CWE-94: Improper Control of Generation of Code ('Code Injection') •