CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13902 – huang-yk student-manage Edit a Student Information Page cross site scripting
https://notcve.org/view.php?id=CVE-2024-13902
06 Mar 2025 — A vulnerability, which was classified as problematic, was found in huang-yk student-manage 1.0. This affects an unknown part of the component Edit a Student Information Page. The manipulation of the argument Class leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/huang-yk/student-manage/issues/I9UXC4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-25015 – Kibana arbitrary code execution via prototype pollution
https://notcve.org/view.php?id=CVE-2025-25015
05 Mar 2025 — Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. ... En las versiones de Kibana 8.17.1 y 8.17.2, esto solo es explotable por los usuarios que tienen roles que contienen todos los siguientes privilegios: flee-all, integrations-all, shares:execute-advanced-connectors Prototype pollution in Kibana leads to arbitrary code executi... • https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1967 – code-projects Blood Bank Management System donor.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1967
05 Mar 2025 — A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /user_dashboard/donor.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-25362
https://notcve.org/view.php?id=CVE-2025-25362
05 Mar 2025 — A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field. • https://github.com/explosion/spacy-llm/issues/492 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-27657
https://notcve.org/view.php?id=CVE-2025-27657
05 Mar 2025 — Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Code Execution V-2023-008. • https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-27678
https://notcve.org/view.php?id=CVE-2025-27678
05 Mar 2025 — Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Client Remote Code Execution V-2023-001. • https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1957 – code-projects Blood Bank System o+.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1957
04 Mar 2025 — A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /BBfile/Blood/o+.php. The manipulation of the argument Bloodname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13815 – Listingo - Business Listing and Directory WordPress Theme <= 3.2.7 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-13815
04 Mar 2025 — The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. El tema Listingo para WordPress es vulnerable a la ejecución de códigos cortos arbitrarios en todas las versiones hasta la 3.2.7 incluida. Esto se debe a que el sof... • https://themeforest.net/item/listingo-business-listing-wordpress-directory-theme/20617051 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1955 – code-projects Online Class and Exam Scheduling System profile.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1955
04 Mar 2025 — A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Scheduling/scheduling/pages/profile.php. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2025-1949 – ZZCMS URL register_nodb.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1949
04 Mar 2025 — A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown processing of the file /3/ucenter_api/code/register_nodb.php of the component URL Handler. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Sinon2003/cve/blob/main/zzcms/xss-register_nodb.php.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •