
CVE-2025-1957 – code-projects Blood Bank System o+.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1957
04 Mar 2025 — A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /BBfile/Blood/o+.php. The manipulation of the argument Bloodname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-13815 – Listingo - Business Listing and Directory WordPress Theme <= 3.2.7 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-13815
04 Mar 2025 — The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://themeforest.net/item/listingo-business-listing-wordpress-directory-theme/20617051 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-1955 – code-projects Online Class and Exam Scheduling System profile.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1955
04 Mar 2025 — A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Scheduling/scheduling/pages/profile.php. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-1949 – ZZCMS URL register_nodb.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1949
04 Mar 2025 — A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown processing of the file /3/ucenter_api/code/register_nodb.php of the component URL Handler. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Sinon2003/cve/blob/main/zzcms/xss-register_nodb.php.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-11957 – Arbitrary Code Execution in WPS Office
https://notcve.org/view.php?id=CVE-2024-11957
04 Mar 2025 — Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal to or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough. • https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2025-1905 – SourceCodester Employee Management System employee.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1905
04 Mar 2025 — A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file employee.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sorcha-l/cve/blob/main/Employee%20Management%20System%20by%20rems%20has%20xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-1904 – code-projects Blood Bank System A+.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1904
04 Mar 2025 — A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /Blood/A+.php. The manipulation of the argument Availibility leads to cross site scripting. The attack may be launched remotely. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-24309 – Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2025-24309
04 Mar 2025 — In OpenHarmony v5.0.2 and prior versions, a local attacker can achieve arbitrary code execution in pre-installed apps through an out-of-bounds write. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md • CWE-787: Out-of-bounds Write •

CVE-2025-24301 – Arkcompiler Ets Runtime has an UAF vulnerability
https://notcve.org/view.php?id=CVE-2025-24301
04 Mar 2025 — In OpenHarmony v5.0.2 and prior versions, a local attacker can achieve arbitrary code execution in pre-installed apps through a use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md • CWE-416: Use After Free •

CVE-2025-23420 – Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2025-23420
04 Mar 2025 — In OpenHarmony v5.0.2 and prior versions, a local attacker can achieve arbitrary code execution in pre-installed apps through an out-of-bounds write. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md • CWE-787: Out-of-bounds Write •