
CVE-2025-6696 – LabRedesCefetRJ WeGIA Cadastro de Atendio Cadastro_Atendido.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-6696
26 Jun 2025 — A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been classified as problematic. Affected is an unknown function of the file /html/atendido/Cadastro_Atendido.php of the component Cadastro de Atendio. The manipulation of the argument Nome/Sobrenome leads to cross site scripting. It is possible to launch the attack remotely. • https://vuldb.com/?id.313962 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-49003 – Dataease H2 JDBC Connection Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-49003
26 Jun 2025 — A threat actor who uses a carefully crafted message that exploits this character conversion can cause remote code execution. • https://github.com/dataease/dataease/security/advisories/GHSA-x97w-69ff-r55q • CWE-153: Improper Neutralization of Substitution Characters •

CVE-2025-6695 – LabRedesCefetRJ WeGIA Additional Categoria adicionar_categoria.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-6695
26 Jun 2025 — A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This issue affects some unknown processing of the file /html/matPat/adicionar_categoria.php of the component Additional Categoria. The manipulation of the argument Insira a nova categoria leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README2.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-6694 – LabRedesCefetRJ WeGIA Adicionar Unidade adicionar_unidade.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-6694
26 Jun 2025 — This vulnerability affects unknown code of the file /html/matPat/adicionar_unidade.php of the component Adicionar Unidade. • https://github.com/RaulPazemecxas/PoCVulDb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-29331
https://notcve.org/view.php?id=CVE-2025-29331
26 Jun 2025 — An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui, which passes the `--no-check-certificate` option to wget when downloading updates. • https://www.digilol.net/security-advisories/dlsec2025-001.html • CWE-295: Improper Certificate Validation •

CVE-2025-36038 – IBM WebSphere Application Server code execution
https://notcve.org/view.php?id=CVE-2025-36038
25 Jun 2025 — IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. • https://www.ibm.com/support/pages/node/7237967 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-52483 – Registrator.jl Vulnerable to Argument Injection and Command Injection
https://notcve.org/view.php?id=CVE-2025-52483
25 Jun 2025 — Alternatively, an argument injection is possible in the `gettreesha` function. Either of these can then lead to a potential RCE. Users should upgrade immediately to v1.9.5 to receive a fix. • https://github.com/JuliaRegistries/Registrator.jl/pull/448 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-52480 – Registrator.jl Argument Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-52480
25 Jun 2025 — This can then lead to a potential remote code execution. • https://github.com/JuliaRegistries/Registrator.jl/pull/449 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVE-2025-49153 – MICROSENS NMP Web+ Path Traversal
https://notcve.org/view.php?id=CVE-2025-49153
25 Jun 2025 — MICROSENS NMP Web+ could allow an unauthenticated attacker to overwrite files and execute arbitrary code. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-07 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-20282 – Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-20282
25 Jun 2025 — A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. ... A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 • CWE-269: Improper Privilege Management •