CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-44192 – Debian Security Advisory 5885-1
https://notcve.org/view.php?id=CVE-2024-44192
10 Mar 2025 — If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. • https://support.apple.com/en-us/121238 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1945 – picklescan - Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
https://notcve.org/view.php?id=CVE-2025-1945
10 Mar 2025 — This can lead to arbitrary code execution when loading a compromised model. • https://github.com/mmaitre314/picklescan/commit/e58e45e0d9e091159c1554f9b04828bbb40b9781 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2169 – WPCS – WordPress Currency Switcher Professional <= 1.2.0.4 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2025-2169
10 Mar 2025 — The The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/currency-switcher/trunk/index.php#L1920 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 1CVE-2025-2133 – ftcms edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-2133
09 Mar 2025 — A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ahieafe/zpp/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 1CVE-2025-2131 – dayrui XunRuiCMS Friendly Links cross site scripting
https://notcve.org/view.php?id=CVE-2025-2131
09 Mar 2025 — A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scripting. The attack may be initiated remotely. • https://github.com/dayrui/xunruicms/issues/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 2CVE-2025-2130 – OpenXE Ticket Bearbeiten Page cross site scripting
https://notcve.org/view.php?id=CVE-2025-2130
09 Mar 2025 — A vulnerability was found in OpenXE up to 1.12. It has been declared as problematic. This vulnerability affects unknown code of the component Ticket Bearbeiten Page. The manipulation of the argument Notizen leads to cross site scripting. The attack can be initiated remotely. • https://vuldb.com/?ctiid.299050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2127 – JoomlaUX JUX Real Estate realties cross site scripting
https://notcve.org/view.php?id=CVE-2025-2127
09 Mar 2025 — A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jp_yearbuilt leads to cross site scripting. It is possible to launch the attack remotely. • https://packetstorm.news/files/id/189675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2124 – Control iD RH iD API change_password cross site scripting
https://notcve.org/view.php?id=CVE-2025-2124
09 Mar 2025 — A vulnerability, which was classified as problematic, was found in Control iD RH iD 25.2.25.0. This affects an unknown part of the file /v2/customerdb/person.svc/change_password of the component API Handler. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yago3008/cves • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2123 – GeSHi CSS cssgen.php get_var cross site scripting
https://notcve.org/view.php?id=CVE-2025-2123
09 Mar 2025 — A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/GeSHi/geshi-1.0/issues/159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-53693 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-53693
07 Mar 2025 — An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported... • https://www.qnap.com/en/security-advisory/qsa-24-54 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-400: Uncontrolled Resource Consumption •