CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2623 – westboy CicadasCMS save cross site scripting
https://notcve.org/view.php?id=CVE-2025-2623
22 Mar 2025 — A vulnerability was found in westboy CicadasCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/cms/content/save. The manipulation of the argument title/content/laiyuan leads to cross site scripting. The attack can be launched remotely. • https://github.com/IceFoxH/VULN/issues/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2617 – yangyouwang 杨有旺 crud 简约后台管理系统 Department Page cross site scripting
https://notcve.org/view.php?id=CVE-2025-2617
22 Mar 2025 — A vulnerability classified as problematic was found in yangyouwang 杨有旺 crud 简约后台管理系统 1.0.0. Affected by this vulnerability is an unknown functionality of the component Department Page. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/yangyouwang/crud/issues/IBSPOX • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2616 – yangyouwang 杨有旺 crud 简约后台管理系统 Role Management Page cross site scripting
https://notcve.org/view.php?id=CVE-2025-2616
22 Mar 2025 — A vulnerability classified as problematic has been found in yangyouwang 杨有旺 crud 简约后台管理系统 1.0.0. Affected is an unknown function of the component Role Management Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/yangyouwang/crud/issues/IBSPOX • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2303 – Block Logic <= 1.0.8 - Authenticated (Contributor+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-2303
21 Mar 2025 — The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.8 via the block_logic_check_logic function. This is due to the unsafe evaluation of user-controlled input. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. • https://plugins.trac.wordpress.org/browser/block-logic/tags/1.0.8/block-logic.php#L127 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2590 – code-projects Human Resource Management System recruitment.go UpdateRecruitmentById cross site scripting
https://notcve.org/view.php?id=CVE-2025-2590
21 Mar 2025 — A vulnerability was found in code-projects Human Resource Management System 1.0.1. It has been classified as problematic. Affected is the function UpdateRecruitmentById of the file \handler\recruitment.go. The manipulation of the argument c leads to cross site scripting. It is possible to launch the attack remotely. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 2CVE-2025-2583 – SimpleMachines SMF ManageNews.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-2583
21 Mar 2025 — A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The manipulation of the argument subject/message leads to cross site scripting. It is possible to initiate the attack remotely. • https://github.com/Fewword/Poc/blob/main/smf/smf-poc5.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 2CVE-2025-2582 – SimpleMachines SMF ManageAttachments.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-2582
21 Mar 2025 — A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAttachments.php. The manipulation of the argument Notice leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Fewword/Poc/blob/main/smf/smf-poc3.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29807 – Microsoft Dataverse Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-29807
21 Mar 2025 — Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29807 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 8.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-8953 – Unsafe eval usage in composiohq/composio
https://notcve.org/view.php?id=CVE-2024-8953
20 Mar 2025 — This can lead to arbitrary code execution if untrusted input is passed to the eval() function. • https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c • CWE-627: Dynamic Variable Evaluation •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-10252 – Code Injection in langgenius/dify
https://notcve.org/view.php?id=CVE-2024-10252
20 Mar 2025 — A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. • https://github.com/langgenius/dify/commit/4ac99ffe0e1c9f4d7c523908e91bbc7739e0a8d4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •