
CVE-2025-3531 – YouDianCMS index.html cross site scripting
https://notcve.org/view.php?id=CVE-2025-3531
13 Apr 2025 — A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/zonesec0/findcve/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-29834 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-29834
12 Apr 2025 — Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29834 • CWE-125: Out-of-bounds Read •

CVE-2025-0119 – Cortex XDR Broker VM: Authenticated Command Injection Vulnerability in Broker VM
https://notcve.org/view.php?id=CVE-2025-0119
11 Apr 2025 — A command injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary OS commands with root privileges on the host operating system running Broker VM. • https://security.paloaltonetworks.com/CVE-2025-0119 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-32078 – XSSes and potential RCE in Special:VersionCompare
https://notcve.org/view.php?id=CVE-2025-32078
11 Apr 2025 — Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Version Compare Extension: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/q/If901b3b98e615e1a4f4034d932d2d592000b51d0 • CWE-116: Improper Encoding or Escaping of Output •

CVE-2025-32075 – IP and user agent leaks in Extension:Tabs
https://notcve.org/view.php?id=CVE-2025-32075
11 Apr 2025 — Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Tabs Extension allows Code Injection. This issue affects Mediawiki - Tabs Extension: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/q/I03bec9528ee3ed05f35187458cde4e2fc4b51092 • CWE-20: Improper Input Validation •

CVE-2023-42970
https://notcve.org/view.php?id=CVE-2023-42970
11 Apr 2025 — Processing web content may lead to arbitrary code execution. • https://support.apple.com/en-us/120330 • CWE-416: Use After Free •

CVE-2023-42875
https://notcve.org/view.php?id=CVE-2023-42875
11 Apr 2025 — Processing web content may lead to arbitrary code execution. • https://support.apple.com/en-us/120330 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-13861
https://notcve.org/view.php?id=CVE-2024-13861
11 Apr 2025 — A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250411-taegis-agent-lpe • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-27714
https://notcve.org/view.php?id=CVE-2025-27714
11 Apr 2025 — An attacker could exploit this vulnerability by uploading arbitrary files via a specific endpoint, leading to unauthorized remote code execution or system compromise. •

CVE-2025-0125 – PAN-OS: Improper Neutralization of Input in the Management Web Interface
https://notcve.org/view.php?id=CVE-2025-0125
11 Apr 2025 — An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended criti... • https://security.paloaltonetworks.com/CVE-2025-0125 • CWE-83: Improper Neutralization of Script in Attributes in a Web Page •