
CVE-2025-41459 – Insecure authentication due to missing bruteforce protection and runtime manipulation in Two App Studio Journey 5.5.6 for iOS
https://notcve.org/view.php?id=CVE-2025-41459
21 Jul 2025 — Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass biometric and PIN-based access control via repeated PIN attempts or dynamic code injection. • https://www.cirosec.de/sa/sa-2025-006 • CWE-287: Improper Authentication

CVE-2025-0664
https://notcve.org/view.php?id=CVE-2025-0664
21 Jul 2025 — A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges. • https://thrive.trellix.com/s/article/000014450 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-7917 – Simopro Technology|WinMatrix3 Web package - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-7917
21 Jul 2025 — WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-10263-5f2e7-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2025-46121
https://notcve.org/view.php?id=CVE-2025-46121
21 Jul 2025 — A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller. • http://commscope.com

CVE-2025-7902 – yangzongzhuan RuoYi SysNoticeController.java addSave cross site scripting
https://notcve.org/view.php?id=CVE-2025-7902
20 Jul 2025 — A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yangzongzhuan/RuoYi/issues/294 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-7901 – yangzongzhuan RuoYi Swagger UI index.html cross site scripting
https://notcve.org/view.php?id=CVE-2025-7901
20 Jul 2025 — A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be initiated remotely. • https://github.com/yangzongzhuan/RuoYi/issues/293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-7887 – Zavy86 WikiDocs template.inc.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-7887
20 Jul 2025 — A vulnerability has been found in Zavy86 WikiDocs up to 1.0.78 and classified as problematic. This vulnerability affects unknown code of the file template.inc.php. The manipulation of the argument path leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Zavy86/WikiDocs/issues/256 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-7885 – Huashengdun WebSSH Login Page cross site scripting
https://notcve.org/view.php?id=CVE-2025-7885
20 Jul 2025 — A vulnerability, which was classified as problematic, has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument hostname/port leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/4m3rr0r/PoCVulDb/blob/main/CVE-2025-7885.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-7872 – Portabilis i-Diario justificativas-de-falta cross site scripting
https://notcve.org/view.php?id=CVE-2025-7872
20 Jul 2025 — A vulnerability was found in Portabilis i-Diario 1.5.0 and classified as problematic. This issue affects some unknown processing of the file /justificativas-de-falta. The manipulation of the argument Justificativa leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/marcelomulder/CVEs/blob/main/Report%201.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-7871 – Portabilis i-Diario conteudos cross site scripting
https://notcve.org/view.php?id=CVE-2025-7871
20 Jul 2025 — A vulnerability has been found in Portabilis i-Diario 1.5.0 and classified as problematic. This vulnerability affects unknown code of the file /conteudos. The manipulation of the argument filter[by_description] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/CVE-Hunters/CVE/blob/main/i-diario/CVE-2025-7871.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')