
CVSS: 5.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Apr 2025 — A vulnerability was found in baseweb JSite 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /a/sys/area/save. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. • https://vuldb.com/?id.305612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Apr 2025 — A vulnerability was found in baseweb JSite 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /a/sys/user/save. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?id.305611 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition. • https://www.qualitia.com/jp/news/2025/04/18_1030.html • CWE-121: Stack-based Buffer Overflow

CVSS: 8.6 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to execution of the JavaScript payload when the upnp page is loaded. • https://github.com/slin99/2025-25427 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — 74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin. • https://gitee.com/Q16G/laravel_bug/blob/master/74cms.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 7.2 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — ,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the UART component. • https://github.com/vladko312/Research_v380_IP_camera • CWE-259: Use of Hard-coded Password

CVSS: 2.6 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — ,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components. • https://github.com/vladko312/Research_v380_IP_camera • CWE-256: Plaintext Storage of a Password

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — Nautel VX Series transmitters running VX SW v6.4.0 and below were discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. This vulnerability allows attackers to execute arbitrary code by supplying a crafted update package to the /#/software/upgrades endpoint. • https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-28236

CVSS: 4.7 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — Volmarg Personal Management System 1.4.65 is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute's default value being set to None. • https://github.com/Volmarg/personal-management-system • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via an overly long environment variable passed to the FileOpen function. • https://github.com/CruiserOne/Astrolog/issues/25 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')