CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53967 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-53967
19 Mar 2025 — Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53968 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-53968
19 Mar 2025 — Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53969 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-53969
19 Mar 2025 — Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29783 – vLLM Allows Remote Code Execution via Mooncake Integration
https://notcve.org/view.php?id=CVE-2025-29783
19 Mar 2025 — This is a remote code execution vulnerability impacting any deployments using Mooncake to distribute KV across distributed hosts. • https://github.com/vllm-project/vllm/commit/288ca110f68d23909728627d3100e5a8db820aa2 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11131
https://notcve.org/view.php?id=CVE-2024-11131
19 Mar 2025 — This allows remote attackers to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_24 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-10442
https://notcve.org/view.php?id=CVE-2024-10442
19 Mar 2025 — Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_22 • CWE-193: Off-by-one Error •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 1CVE-2024-10441
https://notcve.org/view.php?id=CVE-2024-10441
19 Mar 2025 — Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors. ... Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM)... • https://github.com/hazzzein/CVE-2024-10441 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-57061
https://notcve.org/view.php?id=CVE-2024-57061
19 Mar 2025 — An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration. • https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29137
https://notcve.org/view.php?id=CVE-2025-29137
19 Mar 2025 — Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE. • https://github.com/Raining-101/IOT_cve/blob/main/tenda-ac7form_fast_setting_wifi_set%20timeZone.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29401
https://notcve.org/view.php?id=CVE-2025-29401
19 Mar 2025 — An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/bGl1o/emlogpro/blob/main/emlog%20pro2.5.7-getshell.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •