
CVE-2025-56252
https://notcve.org/view.php?id=CVE-2025-56252
15 Sep 2025 — Cross Site Scripting (XSS) vulnerability in ServitiumCRM 2.10 allowing attackers to execute arbitrary code via a crafted URL to the mobile parameter. • https://gist.github.com/fir3storm/5a9c367b4fc1efbc444d72d800c175bb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-57174
https://notcve.org/view.php?id=CVE-2025-57174
15 Sep 2025 — These keys are identical across all devices, allowing attackers to craft encrypted packets that execute arbitrary commands without authentication. • https://semaja2.net/2025/08/02/siklu-eh-unauthenticated-rce • CWE-321: Use of Hard-coded Cryptographic Key •

CVE-2025-10411 – itsourcecode E-Logbook with Health Monitoring System for COVID-19 POST Request check_profile.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-10411
14 Sep 2025 — A vulnerability was detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /stc-log-keeper/check_profile.php of the component POST Request Handler. The manipulation of the argument profile_id results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. • https://vuldb.com/?id.323845 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-10394 – fcba_zzm ics-park Smart Park Management System Scheduled Task JobController.java code injection
https://notcve.org/view.php?id=CVE-2025-10394
14 Sep 2025 — Such manipulation leads to code injection. The attack may be performed remotely. ... A code injection vulnerability can be exploited by manipulation with unknown data. • https://vuldb.com/?id.323829 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-10388 – Selleo Mentingo Create New Course Basic Settings enroll-course cross site scripting
https://notcve.org/view.php?id=CVE-2025-10388
14 Sep 2025 — A vulnerability was identified in Selleo Mentingo 2025.08.27. This issue affects some unknown processing of the file /api/course/enroll-course of the component Create New Course Basic Settings. Such manipulation of the argument Description leads to cross site scripting. The attack can be launched remotely. The exploit is publicly available and might be used. • https://vuldb.com/?id.323823 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-10386 – Yida ECMS Consulting Enterprise Management System POST Request login.do cross site scripting
https://notcve.org/view.php?id=CVE-2025-10386
14 Sep 2025 — A vulnerability was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the argument requestUrl results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. • https://vuldb.com/?id.323821 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-10373 – Portabilis i-Educar educar_turma_tipo_cad.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-10373
13 Sep 2025 — A security vulnerability has been detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /intranet/educar_turma_tipo_cad.php. Such manipulation of the argument nm_tipo leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. • https://vuldb.com/?id.323781 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-10372 – Portabilis i-Educar educar_modulo_cad.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-10372
13 Sep 2025 — A weakness has been identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /intranet/educar_modulo_cad.php. This manipulation of the argument nm_tipo/descricao causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. • https://vuldb.com/?id.323780 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-10370 – MiczFlor RPi-Jukebox-RFID userScripts.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-10370
13 Sep 2025 — This vulnerability affects unknown code of the file /htdocs/userScripts.php. • https://vuldb.com/?id.323778 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-10369 – MiczFlor RPi-Jukebox-RFID cardRegisterNew.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-10369
13 Sep 2025 — A vulnerability was determined in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This affects an unknown part of the file /htdocs/cardRegisterNew.php. Executing manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. • https://vuldb.com/?id.323777 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •