CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2219 – LoveCards LoveCardsV2 image unrestricted upload
https://notcve.org/view.php?id=CVE-2025-2219
12 Mar 2025 — A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This issue affects some unknown processing of the file /api/upload/image. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://ctf-n0el4kls.notion.site/LoveCardsV2-Unauthentication-to-RCE-Vulnerability-19841990f44780de8263c1f77a007a83 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2218 – LoveCards LoveCardsV2 Setting other access control
https://notcve.org/view.php?id=CVE-2025-2218
12 Mar 2025 — This vulnerability affects unknown code of the file /api/system/other of the component Setting Handler. • https://ctf-n0el4kls.notion.site/LoveCardsV2-Unauthentication-to-RCE-Vulnerability-19841990f44780de8263c1f77a007a83? • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2231 – PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2231
12 Mar 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1119 – Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2025-1119
12 Mar 2025 — The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/changeset/3250719/simply-schedule-appointments/trunk/booking-app-new/page-appointment-edit.php • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2025-2214 – Microweber Settings index.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-2214
11 Mar 2025 — Davon betroffen ist unbekannter Code der Datei userfiles/modules/settings/group/website_group/index.php der Komponente Settings Handler. • https://github.com/Fewword/Poc/blob/main/microweber/mwb-poc1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2213 – Castlenet CBW383G2N Wireless Menu wlanPrimaryNetwork.asp cross site scripting
https://notcve.org/view.php?id=CVE-2025-2213
11 Mar 2025 — This vulnerability affects unknown code of the file /wlanPrimaryNetwork.asp of the component Wireless Menu. • https://vuldb.com/?ctiid.299284 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2212 – Castlenet CBW383G2N RgSwInfo.asp cross site scripting
https://notcve.org/view.php?id=CVE-2025-2212
11 Mar 2025 — A vulnerability was found in Castlenet CBW383G2N up to 20250301. It has been classified as problematic. This affects an unknown part of the file /RgSwInfo.asp. The manipulation of the argument Description with the input <img/src/onerror=prompt(8)> leads to cross site scripting. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.299283 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2211 – aitangbao springboot-manager add cross site scripting
https://notcve.org/view.php?id=CVE-2025-2211
11 Mar 2025 — A vulnerability was found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sysDictDetail/add. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/uglory-gll/javasec/blob/main/spring-manage.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2210 – aitangbao springboot-manager add cross site scripting
https://notcve.org/view.php?id=CVE-2025-2210
11 Mar 2025 — A vulnerability has been found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /sysJob/add. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/uglory-gll/javasec/blob/main/spring-manage.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2209 – aitangbao springboot-manager add cross site scripting
https://notcve.org/view.php?id=CVE-2025-2209
11 Mar 2025 — A vulnerability, which was classified as problematic, was found in aitangbao springboot-manager 3.0. Affected is an unknown function of the file /sysDict/add. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/uglory-gll/javasec/blob/main/spring-manage.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •