CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1550 – Arbitrary Code Execution via Crafted Keras Config for Model Loading
https://notcve.org/view.php?id=CVE-2025-1550
11 Mar 2025 — The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. • https://github.com/keras-team/keras/pull/20751 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2190
https://notcve.org/view.php?id=CVE-2025-2190
11 Mar 2025 — The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks. • https://security.tecno.com/SRC/blogdetail/393?lang=en_US • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-25680
https://notcve.org/view.php?id=CVE-2025-25680
11 Mar 2025 — The vulnerability allows arbitrary code execution through the Wi-Fi configuration process when a specially crafted QR code is presented to the camera. • https://github.com/Yasha-ops/LSC_Indoor_PTZ_Camera-RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-44192 – Debian Security Advisory 5885-1
https://notcve.org/view.php?id=CVE-2024-44192
10 Mar 2025 — If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. • https://support.apple.com/en-us/121238 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1945 – picklescan - Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
https://notcve.org/view.php?id=CVE-2025-1945
10 Mar 2025 — This can lead to arbitrary code execution when loading a compromised model. • https://github.com/mmaitre314/picklescan/commit/e58e45e0d9e091159c1554f9b04828bbb40b9781 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2169 – WPCS – WordPress Currency Switcher Professional <= 1.2.0.4 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2025-2169
10 Mar 2025 — The The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/currency-switcher/trunk/index.php#L1920 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 1CVE-2025-2133 – ftcms edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-2133
09 Mar 2025 — A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ahieafe/zpp/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 1CVE-2025-2131 – dayrui XunRuiCMS Friendly Links cross site scripting
https://notcve.org/view.php?id=CVE-2025-2131
09 Mar 2025 — A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scripting. The attack may be initiated remotely. • https://github.com/dayrui/xunruicms/issues/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 2CVE-2025-2130 – OpenXE Ticket Bearbeiten Page cross site scripting
https://notcve.org/view.php?id=CVE-2025-2130
09 Mar 2025 — A vulnerability was found in OpenXE up to 1.12. It has been declared as problematic. This vulnerability affects unknown code of the component Ticket Bearbeiten Page. The manipulation of the argument Notizen leads to cross site scripting. The attack can be initiated remotely. • https://vuldb.com/?ctiid.299050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2127 – JoomlaUX JUX Real Estate realties cross site scripting
https://notcve.org/view.php?id=CVE-2025-2127
09 Mar 2025 — A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jp_yearbuilt leads to cross site scripting. It is possible to launch the attack remotely. • https://packetstorm.news/files/id/189675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •