
CVE-2025-1892 – shishuocms Directory Deletion Page add.json cross site scripting
https://notcve.org/view.php?id=CVE-2025-1892
04 Mar 2025 — A vulnerability was found in shishuocms 1.1. It has been classified as problematic. Affected is an unknown function of the file /manage/folder/add.json of the component Directory Deletion Page. The manipulation of the argument folderName leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/caigo8/CVE-md/blob/main/shishuocms/%E5%AD%98%E5%82%A8%E5%9E%8BXSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-50704
https://notcve.org/view.php?id=CVE-2024-50704
04 Mar 2025 — Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. • https://uniguest.com/cve-bulletins • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-50707
https://notcve.org/view.php?id=CVE-2024-50707
04 Mar 2025 — Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request. • https://uniguest.com/cve-bulletins • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-26182
https://notcve.org/view.php?id=CVE-2025-26182
04 Mar 2025 — An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file. • https://gist.github.com/GSBP0/007355c5f6bd213264ae1c35c347e5cc • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-0686 – Grub2: romfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading dat
https://notcve.org/view.php?id=CVE-2025-0686
03 Mar 2025 — This issue may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution by-passing secure boot protections. • https://access.redhat.com/security/cve/CVE-2025-0686 • CWE-787: Out-of-bounds Write •

CVE-2025-0685 – Grub2: jfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
https://notcve.org/view.php?id=CVE-2025-0685
03 Mar 2025 — This issue can be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections. • https://access.redhat.com/security/cve/CVE-2025-0685 • CWE-787: Out-of-bounds Write •

CVE-2025-0684 – Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
https://notcve.org/view.php?id=CVE-2025-0684
03 Mar 2025 — This flaw may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution, by-passing secure boot protections. • https://access.redhat.com/security/cve/CVE-2025-0684 • CWE-787: Out-of-bounds Write •

CVE-2025-0678 – Grub2: squash4: integer overflow may lead to heap based out-of-bounds write when reading data
https://notcve.org/view.php?id=CVE-2025-0678
03 Mar 2025 — This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections. • https://access.redhat.com/security/cve/CVE-2025-0678 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVE-2025-0689 – Grub2: udf: heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2025-0689
03 Mar 2025 — A crafted filesystem image may lead to a heap-based buffer overflow that corrupts critical data, creating a risk of arbitrary code execution by-passing secure boot protections. • https://access.redhat.com/security/cve/CVE-2025-0689 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-1125 – Grub2: fs/hfs: integer overflow may lead to heap based out-of-bounds write
https://notcve.org/view.php?id=CVE-2025-1125
03 Mar 2025 — This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections. • https://access.redhat.com/security/cve/CVE-2025-1125 • CWE-787: Out-of-bounds Write •