
CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

25 Mar 2025 — A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file. • https://visionspace.com/remote-code-execution-and-critical-vulnerabilities-in-nasa-fprime-v3-4-3 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Mar 2025 — In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available after an installation has completed. • https://www.moxiemanager.com/changelog • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

24 Mar 2025 — This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. • https://packetstorm.news/files/id/190070 • CWE-20: Improper Input Validation

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

24 Mar 2025 — This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. • https://packetstorm.news/files/id/190070 • CWE-20: Improper Input Validation

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 3

24 Mar 2025 — This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. • https://packetstorm.news/files/id/190070 • CWE-20: Improper Input Validation

CVSS: 10.0 • EPSS: 82% • CPEs: 2 • EXPL: 15

24 Mar 2025 — A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. • https://packetstorm.news/files/id/190070 • CWE-653: Improper Isolation or Compartmentalization

CVSS: 5.1 • EPSS: 0% • CPEs: - • EXPL: 1

24 Mar 2025 — A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. This affects an unknown part of the file ConfirmDispatch_Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the argument Narrative leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/janssensjelle/published-pocs/blob/main/weberp-xss-confirm-dispatch.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Mar 2025 — A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /extensions/realestate/index.php/agents/agent-register/addagent. The manipulation of the argument plan_id leads to cross site scripting. The attack may be launched remotely. • https://vuldb.com/?ctiid.300734 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Mar 2025 — A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. • https://github.com/Hebing123/cve/issues/86 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Mar 2025 — A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been classified as problematic. Affected is an unknown function of the file /help/systop.jsp. The manipulation of the argument langcode leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/Hebing123/cve/issues/86 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')