
CVE-2025-3570 – JamesZBL/code-projects db-hospital-drug ContentController.java save cross site scripting
https://notcve.org/view.php?id=CVE-2025-3570
14 Apr 2025 — A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0. ... A vulnerability was identified in JamesZBL/code-projects db-hospital-drug 1.0. • https://vuldb.com/?id.304611 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3568 – Webkul Krayin CRM SVG File edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-3568
14 Apr 2025 — A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1LMzZyCgloWquJRWzJAV2bpWMTuiMs6Xa/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3563 – WuzhiCMS Setting index.php set code injection
https://notcve.org/view.php?id=CVE-2025-3563
14 Apr 2025 — The manipulation of the argument Setting leads to code injection. The attack may be launched remotely. ... Manipulating the argument Setting with unknown data can be used to exploit a code injection vulnerability. • https://vuldb.com/?id.304604 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3560 – ghostxbh uzy-ssm-mall product cross site scripting
https://notcve.org/view.php?id=CVE-2025-3560
14 Apr 2025 — A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /product. The manipulation of the argument product_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.304601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3554 – phpshe api.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-3554
14 Apr 2025 — This affects unknown code of the file api.php? • https://vuldb.com/?id.304595 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-26872 – Eximius <= 2.2 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-26872
14 Apr 2025 — The Eximius theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-26892 – Celestial Aura <= 2.2 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-26892
14 Apr 2025 — The Celestial Aura theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-56406 – Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes
https://notcve.org/view.php?id=CVE-2024-56406
13 Apr 2025 — $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses. Nathan Mills discovered a heap-based buffer overflow vulnerability in the implementation of the Perl programming language when transliterating non-ASCII bytes with tr///, which may result in denial of service, or potentially the execution of arbitrar... • https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2025-3533 – YouDianCMS index.html.Attackers cross site scripting
https://notcve.org/view.php?id=CVE-2025-3533
13 Apr 2025 — A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/zonesec0/findcve/issues/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3532 – YouDianCMS index.html.Attackers cross site scripting
https://notcve.org/view.php?id=CVE-2025-3532
13 Apr 2025 — This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. • https://github.com/zonesec0/findcve/issues/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •