
CVE-2025-7111 – Portabilis i-Educar Course Module educar_curso_det.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-7111
07 Jul 2025 — This vulnerability affects unknown code of the file /intranet/educar_curso_det.php? • https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README13.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-7110 – Portabilis i-Educar School Module educar_escola_lst.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-7110
07 Jul 2025 — A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README12.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-7109 – Portabilis i-Educar Student Benefits Registration educar_aluno_beneficio_lst.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-7109
07 Jul 2025 — Davon betroffen ist unbekannter Code der Datei /intranet/educar_aluno_beneficio_lst.php der Komponente Student Benefits Registration. • https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README11.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-7101 – BoyunCMS Configuration File install_ok.php code injection
https://notcve.org/view.php?id=CVE-2025-7101
07 Jul 2025 — The manipulation of the argument db_pass leads to code injection. It is possible to initiate the attack remotely. ... Durch Manipulieren des Arguments db_pass mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://note-hxlab.wetolink.com/share/6wemW8CnOMbu • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-45479
https://notcve.org/view.php?id=CVE-2025-45479
07 Jul 2025 — Insufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting crafted content into a container. • https://github.com/YX-hueimie/CVE-Issues/blob/main/CVE-2025-45479.md •

CVE-2025-6744 – Woodmart <= 8.2.3 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2025-6744
07 Jul 2025 — The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-6812 – Parallels Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-6812
07 Jul 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppServer service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. •

CVE-2025-7223 – INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7223
07 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •

CVE-2025-7224 – INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7224
07 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •

CVE-2025-7225 – INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7225
07 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •