
CVE-2024-11957 – Arbitrary Code Execution in WPS Office
https://notcve.org/view.php?id=CVE-2024-11957
04 Mar 2025 — Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions less than or equal to 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough. • https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2025-1905 – SourceCodester Employee Management System employee.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1905
04 Mar 2025 — A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file employee.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sorcha-l/cve/blob/main/Employee%20Management%20System%20by%20rems%20has%20xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-1904 – code-projects Blood Bank System A+.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1904
04 Mar 2025 — A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /Blood/A+.php. The manipulation of the argument Availibility leads to cross site scripting. The attack may be launched remotely. A problematic vulnerability was discovered in code-projects Blood Bank System 1.0. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-24309 – Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2025-24309
04 Mar 2025 — OpenHarmony v5.0.2 and prior versions allow a local attacker to execute arbitrary code in pre-installed apps through an out-of-bounds write. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md • CWE-787: Out-of-bounds Write •

CVE-2025-24301 – Arkcompiler Ets Runtime has an UAF vulnerability
https://notcve.org/view.php?id=CVE-2025-24301
04 Mar 2025 — OpenHarmony v5.0.2 and prior versions allow a local attacker to execute arbitrary code in pre-installed apps through a use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md • CWE-416: Use After Free •

CVE-2025-23420 – Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2025-23420
04 Mar 2025 — OpenHarmony v5.0.2 and prior versions allow a local attacker to execute arbitrary code in pre-installed apps through an out-of-bounds write. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md • CWE-787: Out-of-bounds Write •

CVE-2025-23414 – Arkcompiler Ets Runtime has an UAF vulnerability
https://notcve.org/view.php?id=CVE-2025-23414
04 Mar 2025 — OpenHarmony v5.0.2 and prior versions allow a local attacker to execute arbitrary code in pre-installed apps through a use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md • CWE-416: Use After Free •

CVE-2025-23409 – Communication Dsoftbus has an UAF vulnerability
https://notcve.org/view.php?id=CVE-2025-23409
04 Mar 2025 — OpenHarmony v5.0.2 and prior versions allow a local attacker to execute arbitrary code in pre-installed apps through a use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md • CWE-416: Use After Free •

CVE-2025-23240 – Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2025-23240
04 Mar 2025 — OpenHarmony v5.0.2 and prior versions allow a local attacker to execute arbitrary code in pre-installed apps through an out-of-bounds write. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md • CWE-787: Out-of-bounds Write •

CVE-2025-22835 – Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2025-22835
04 Mar 2025 — OpenHarmony v5.0.2 and prior versions allow a local attacker to execute arbitrary code in pre-installed apps through an out-of-bounds write. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md • CWE-787: Out-of-bounds Write •