
CVE-2025-23313
https://notcve.org/view.php?id=CVE-2025-23313
26 Aug 2025 — NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. • https://nvd.nist.gov/vuln/detail/CVE-2025-23313 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-23312
https://notcve.org/view.php?id=CVE-2025-23312
26 Aug 2025 — NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. • https://nvd.nist.gov/vuln/detail/CVE-2025-23312 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-23307
https://notcve.org/view.php?id=CVE-2025-23307
26 Aug 2025 — NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. • https://nvd.nist.gov/vuln/detail/CVE-2025-23307 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-55298 – ImageMagick Format String Bug in InterpretImageFilename leads to arbitrary code execution
https://notcve.org/view.php?id=CVE-2025-55298
26 Aug 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string vulnerability exists in the InterpretImageFilename function, where user input is passed directly to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2. • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645 • CWE-123: Write-what-where Condition CWE-134: Use of Externally-Controlled Format String •

CVE-2025-53419 – COMMGR Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-53419
26 Aug 2025 — Delta Electronics COMMGR has a code injection vulnerability. • https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00014_COMMGR%20Stack-based%20Buffer%20Overflow%20and%20Code%20Injection%20Vulnerabilities.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-9440 – 1000projects Online Project Report Submission and Evaluation System add_title.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-9440
26 Aug 2025 — A security vulnerability has been detected in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_title.php. Manipulation of the argument Title leads to cross site scripting. The attack may be performed from a remote location. The exploit has been disclosed publicly and may be used. • https://vuldb.com/?id.321279 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-9439 – 1000projects Online Project Report Submission and Evaluation System edit_faculty.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-9439
26 Aug 2025 — A weakness has been identified in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this vulnerability is an unknown functionality of the file /rse/admin/edit_faculty.php?id=2. Manipulation of the argument Name causes cross site scripting. The attack can be carried out remotely. • https://vuldb.com/?id.321278 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-9438 – 1000projects Online Project Report Submission and Evaluation System add_student.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-9438
26 Aug 2025 — A security flaw has been discovered in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected is an unknown function of the file /admin/add_student.php. The manipulation of the argument address results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited. • https://vuldb.com/?id.321277 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-9434 – 1000projects Online Project Report Submission and Evaluation System edit_title.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-9434
26 Aug 2025 — A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edit_title.php?id=1. Manipulation of the argument desc can lead to cross site scripting. The attack may be launched remotely. • https://vuldb.com/?id.321275 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-9433 – mtons mblog Admin Panel list cross site scripting
https://notcve.org/view.php?id=CVE-2025-9433
26 Aug 2025 — A vulnerability was found in mtons mblog up to 3.5.0. The impacted element is an unknown function of the file /admin/user/list of the component Admin Panel. Manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used. • https://vuldb.com/?id.321274 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •