
CVE-2025-9306 – SourceCodester Advanced School Management System addNotice cross site scripting
https://notcve.org/view.php?id=CVE-2025-9306
21 Aug 2025 — A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/notice/addNotice. The manipulation of the argument noticeSubject results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used. • https://vuldb.com/?id.320911 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-9237 – CodeAstro Ecommerce Website Edit Your Account my_account.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-9237
20 Aug 2025 — A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Manipulation of the argument Username results in cross site scripting. It is possible to initiate the attack remotely. • https://vuldb.com/?id.320770 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-9235 – Scada-LTS compound_events.shtm cross site scripting
https://notcve.org/view.php?id=CVE-2025-9235
20 Aug 2025 — A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compound_events.shtm. Manipulation of the argument Name causes cross site scripting. The attack can be carried out remotely. The exploit has been published and may be used. • https://vuldb.com/?id.320768 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-9234 – Scada-LTS maintenance_events.shtm cross site scripting
https://notcve.org/view.php?id=CVE-2025-9234
20 Aug 2025 — A vulnerability was detected in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file maintenance_events.shtm. The manipulation of the argument Alias results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. • https://vuldb.com/?id.320767 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2010-20010 – Foxit PDF Reader < 4.2.0.0928 Title Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-20010
20 Aug 2025 — A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary code execution in the context of the user who opens the file. • https://www.exploit-db.com/exploits/15532 • CWE-121: Stack-based Buffer Overflow

CVE-2011-10026 – Spreecommerce < 0.50.x API RCE
https://notcve.org/view.php?id=CVE-2011-10026
20 Aug 2025 — Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitization allows attackers to inject arbitrary shell commands via the search[instance_eval] parameter, which is dynamically invoked using Ruby’s send method. This flaw enables unauthenticated attackers to execute commands on the server. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/spree_searchlogic_exec.rb • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2011-10028 – RealNetworks Arcade Games StubbyUtil.ProcessMgr ActiveX Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2011-10028
20 Aug 2025 — The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since been consolidated with RealNetworks' platform, GameHouse. • https://www.vulncheck.com/advisories/real-networks-arcade-games-activex-arbitrary-code-execution • CWE-623: Unsafe ActiveX Control Marked Safe For Scripting

CVE-2011-10021 – Magix Musik Maker <= v16 .mmm Stack-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-10021
20 Aug 2025 — By crafting a malicious .mmm file, an attacker can trigger the overflow when the file is opened, potentially leading to arbitrary code execution. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/magix_musikmaker_16_mmm.rb • CWE-121: Stack-based Buffer Overflow

CVE-2010-20045 – FileWrangler <= 5.30 Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-20045
20 Aug 2025 — Successful exploitation may lead to arbitrary code execution. • https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client • CWE-121: Stack-based Buffer Overflow

CVE-2025-9233 – Scada-LTS view_edit.shtm cross site scripting
https://notcve.org/view.php?id=CVE-2025-9233
20 Aug 2025 — A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. Impacted is an unknown function of the file view_edit.shtm. The manipulation of the argument Name leads to cross site scripting. Remote exploitation is possible. The exploit has been disclosed publicly and may be used. • https://vuldb.com/?id.320766 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')