
CVE-2024-50405 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-50405
07 Mar 2025 — An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later; QuTS hero h5.2.3.3006 build 20250108 and later. • https://www.qnap.com/en/security-advisory/qsa-24-54 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-13890 – Allow PHP Execute <= 1.0 - Authenticated (Editor+) PHP Code Injection
https://notcve.org/view.php?id=CVE-2024-13890
07 Mar 2025 — The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. • https://plugins.trac.wordpress.org/browser/allow-php-execute/trunk/allow-php-execute.php#L10 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-13895 – Code Snippets CPT <= 2.1.0 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-13895
07 Mar 2025 — The Code Snippets CPT plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/code-snippets-cpt/trunk/lib/CodeSnippitButton.php#L201 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2087 – StarSea99 starsea-mall update cross site scripting
https://notcve.org/view.php?id=CVE-2025-2087
07 Mar 2025 — A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the argument goodsName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ExecX/security/blob/main/333.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2086 – StarSea99 starsea-mall update cross site scripting
https://notcve.org/view.php?id=CVE-2025-2086
07 Mar 2025 — A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ExecX/security/blob/main/222.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2085 – StarSea99 starsea-mall save cross site scripting
https://notcve.org/view.php?id=CVE-2025-2085
07 Mar 2025 — A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ExecX/security/blob/main/111.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2084 – PHPGurukul Human Metapneumovirus Testing Management System Search Report Page search-report.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-2084
07 Mar 2025 — A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /search-report.php of the component Search Report Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/sorcha-l/cve/blob/main/Human%20Metapneumovirus%20(HMPV)%20%E2%80%93%20Testing%20Management%20System%20%20XSS%20in%20search-report.php.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-26331
https://notcve.org/view.php?id=CVE-2025-26331
07 Mar 2025 — A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution. • https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-2061 – code-projects Online Ticket Reservation System passenger.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-2061
07 Mar 2025 — A vulnerability was found in code-projects Online Ticket Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /passenger.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-42733
https://notcve.org/view.php?id=CVE-2024-42733
07 Mar 2025 — An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input. • https://github.com/Docmosis/tornado-docker/issues/14 • CWE-94: Improper Control of Generation of Code ('Code Injection') •