
CVE-2025-3051 – Linux::Statm::Tiny for Perl allows untrusted code to be included from the current working directory
https://notcve.org/view.php?id=CVE-2025-3051
01 Apr 2025 — If an attacker can place a malicious file in the current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. • https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html • CWE-427: Uncontrolled Search Path Element

CVE-2025-30673 – Sub::HandlesVia for Perl allows untrusted code to be included from the current working directory
https://notcve.org/view.php?id=CVE-2025-30673
01 Apr 2025 — If an attacker can place a malicious file in the current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. • https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html • CWE-427: Uncontrolled Search Path Element

CVE-2025-30672 – Mite for Perl generates code with an untrusted search path vulnerability
https://notcve.org/view.php?id=CVE-2025-30672
01 Apr 2025 — If an attacker can place a malicious file in the current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. • https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html • CWE-427: Uncontrolled Search Path Element

CVE-2025-24243 – Apple macOS AudioToolbox AMR File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24243
31 Mar 2025 — Processing a maliciously crafted file may lead to arbitrary code execution. • https://support.apple.com/en-us/122371 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-3036 – yzk2356911358 StudentServlet-JSP Student Management cross site scripting
https://notcve.org/view.php?id=CVE-2025-3036
31 Mar 2025 — A vulnerability, which was classified as problematic, was found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991. This affects an unknown part of the component Student Management Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.302097 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-3005 – Sayski ForestBlog Friend Link cross site scripting
https://notcve.org/view.php?id=CVE-2025-3005
31 Mar 2025 — A vulnerability was found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this issue is some unknown functionality of the component Friend Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/saysky/ForestBlog/issues/105 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-3004 – Sayski ForestBlog search cross site scripting
https://notcve.org/view.php?id=CVE-2025-3004
31 Mar 2025 — A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/saysky/ForestBlog/issues/104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2981 – Legrand SMS PowerView cross site scripting
https://notcve.org/view.php?id=CVE-2025-2981
31 Mar 2025 — A vulnerability, which was classified as problematic, has been found in Legrand SMS PowerView 1.x. This issue affects some unknown processing. The manipulation of the argument redirect leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.302033 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2979 – WCMS Registration setregister cross site scripting
https://notcve.org/view.php?id=CVE-2025-2979
31 Mar 2025 — A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. • https://github.com/caigo8/CVE-md/blob/main/wcms11/%E5%AD%98%E5%82%A8%E5%9E%8BXSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2977 – GFI KerioConnect PDF File cross site scripting
https://notcve.org/view.php?id=CVE-2025-2977
31 Mar 2025 — A vulnerability was found in GFI KerioConnect 10.0.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. • https://github.com/0xs1ash/poc/blob/main/portable_data_exfiltration.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')