CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-22371 – SQL-injection in admin_login_handler allows unauthenticated user to log in as an administrator in SicommNet BASEC
https://notcve.org/view.php?id=CVE-2025-22371
14 Apr 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands. ... As of the date of this CVE record, there has been no patch Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated r... • https://basec.sicomm.net/login • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26872 – Eximius <= 2.2 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-26872
14 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26892 – Celestial Aura <= 2.2 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-26892
14 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29834 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-29834
12 Apr 2025 — Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29834 • CWE-125: Out-of-bounds Read •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32078 – XSSes and potential RCE in Special:VersionCompare
https://notcve.org/view.php?id=CVE-2025-32078
11 Apr 2025 — Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Version Compare Extension: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/q/If901b3b98e615e1a4f4034d932d2d592000b51d0 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2025-27714
https://notcve.org/view.php?id=CVE-2025-27714
11 Apr 2025 — An attacker could exploit this vulnerability by uploading arbitrary files via the a specific endpoint, leading to unauthorized remote code execution or system compromise. •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26894 – WordPress Coming Soon, Maintenance Mode plugin <= 1.1.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-26894
11 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Coming Soon, Maintenance Mode allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and... • https://patchstack.com/database/wordpress/plugin/site-mode/vulnerability/wordpress-coming-soon-maintenance-mode-plugin-1-1-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27011 – WordPress Booking and Rental Manager plugin <= 2.2.8 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-27011
11 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam Booking and Rental Manager allows PHP Local File Inclusion. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve c... • https://patchstack.com/database/wordpress/plugin/booking-and-rental-manager-for-woocommerce/vulnerability/wordpress-booking-and-rental-manager-plugin-2-2-8-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-32579 – WordPress Sync Posts Plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-32579
10 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. WordPress SoftClever Limited Sync Posts plugin version 1.0 suffers from a remote shell upload vulnerability. • https://packetstorm.news/files/id/190492 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 1CVE-2025-29017
https://notcve.org/view.php?id=CVE-2025-29017
10 Apr 2025 — A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php. • https://github.com/b1tm4r/CVE-2025-29017 • CWE-434: Unrestricted Upload of File with Dangerous Type •