
CVE-2025-2335 – Drivin Soluções API registerSchool cross site scripting
https://notcve.org/view.php?id=CVE-2025-2335
16 Mar 2025 — A vulnerability classified as problematic was found in Drivin Soluções up to 20250226. This vulnerability affects unknown code of the file /api/school/registerSchool of the component API Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yago3008/cves • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-26924 – WordPress Ohio Theme Extra plugin <= 3.4.7 - Shortcode Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-26924
15 Mar 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ohio Extra allows Code Injection. • https://patchstack.com/database/wordpress/plugin/ohio-extra/vulnerability/wordpress-ohio-theme-extra-plugin-3-4-7-shortcode-injection-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-54448 – Remote Code Execution (RCE) via Automation Scripting
https://notcve.org/view.php?id=CVE-2024-54448
14 Mar 2025 — The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting is needed to carry out the attack. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC. • https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-29409
https://notcve.org/view.php?id=CVE-2024-29409
14 Mar 2025 — File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header. • https://gist.github.com/aydinnyunus/801342361584d1491c67a820a714f53f • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-29384
https://notcve.org/view.php?id=CVE-2025-29384
14 Mar 2025 — In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. • https://github.com/Otsmane-Ahmed/cve-2025-29384-poc • CWE-787: Out-of-bounds Write •

CVE-2025-29385
https://notcve.org/view.php?id=CVE-2025-29385
14 Mar 2025 — In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. • https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/AdvSetMacMtuWan3.md • CWE-787: Out-of-bounds Write •

CVE-2025-29386
https://notcve.org/view.php?id=CVE-2025-29386
14 Mar 2025 — In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. • https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/AdvSetMacMtuWan4.md • CWE-787: Out-of-bounds Write •

CVE-2025-29387
https://notcve.org/view.php?id=CVE-2025-29387
14 Mar 2025 — In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. • https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/AdvSetMacMtuWan2.md • CWE-121: Stack-based Buffer Overflow •

CVE-2025-27107 – Integrated Scripting vulnerable to arbitrary code execution via Java reflection
https://notcve.org/view.php?id=CVE-2025-27107
13 Mar 2025 — Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. • https://github.com/CyclopsMC/IntegratedScripting/blob/29051aace619604fb5dd60624b72dba428fea2f2/src/main/java/org/cyclops/integratedscripting/evaluate/ScriptHelpers.java#L46 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2025-27407 – Remote code execution when loading a crafted GraphQL schema
https://notcve.org/view.php?id=CVE-2025-27407
12 Mar 2025 — graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1... • https://github.com/github-community-projects/graphql-client • CWE-94: Improper Control of Generation of Code ('Code Injection') •