CVSS: 10.0EPSS: 83%CPEs: 2EXPL: 15CVE-2025-1974 – ingress-nginx admission controller RCE escalation
https://notcve.org/view.php?id=CVE-2025-1974
24 Mar 2025 — A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. • https://packetstorm.news/files/id/190070 • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2025-2715 – timschofield webERP Confirm Dispatch and Invoice Page ConfirmDispatch_Invoice.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-2715
24 Mar 2025 — A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. This affects an unknown part of the file ConfirmDispatch_Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the argument Narrative leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/janssensjelle/published-pocs/blob/main/weberp-xss-confirm-dispatch.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2714 – JoomlaUX JUX Real Estate addagent cross site scripting
https://notcve.org/view.php?id=CVE-2025-2714
24 Mar 2025 — A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /extensions/realestate/index.php/agents/agent-register/addagent. The manipulation of the argument plan_id leads to cross site scripting. The attack may be launched remotely. • https://vuldb.com/?ctiid.300734 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2712 – Yonyou UFIDA ERP-NC top.jsp cross site scripting
https://notcve.org/view.php?id=CVE-2025-2712
24 Mar 2025 — A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. • https://github.com/Hebing123/cve/issues/86 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2711 – Yonyou UFIDA ERP-NC systop.jsp cross site scripting
https://notcve.org/view.php?id=CVE-2025-2711
24 Mar 2025 — A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been classified as problematic. Affected is an unknown function of the file /help/systop.jsp. The manipulation of the argument langcode leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/Hebing123/cve/issues/86 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2710 – Yonyou UFIDA ERP-NC menu.jsp cross site scripting
https://notcve.org/view.php?id=CVE-2025-2710
24 Mar 2025 — A vulnerability was found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This issue affects some unknown processing of the file /menu.jsp. The manipulation of the argument flag leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/85 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2709 – Yonyou UFIDA ERP-NC login.jsp cross site scripting
https://notcve.org/view.php?id=CVE-2025-2709
24 Mar 2025 — A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This vulnerability affects unknown code of the file /login.jsp. The manipulation of the argument key/redirect leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/84 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 1CVE-2025-2700 – michelson Dante Editor Insert Link cross site scripting
https://notcve.org/view.php?id=CVE-2025-2700
24 Mar 2025 — A vulnerability classified as problematic has been found in michelson Dante Editor up to 0.4.4. This affects an unknown part of the component Insert Link Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://gist.github.com/Masamuneee/3be24bf5bf2b09dc61ead2af89363f86 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 1CVE-2025-2699 – GetmeUK ContentTools Image cross site scripting
https://notcve.org/view.php?id=CVE-2025-2699
24 Mar 2025 — A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely. • https://gist.github.com/Masamuneee/657f2e2b0eb5bf9b0d4dbb79f00dac37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30615 – WordPress WP e-Commerce Style Email plugin <= 0.6.2 - CSRF to Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2025-30615
24 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e-Commerce Style Email allows Code Injection. • https://patchstack.com/database/wordpress/plugin/wp-e-commerce-style-email/vulnerability/wordpress-wp-e-commerce-style-email-plugin-0-6-2-csrf-to-remote-code-execution-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •