CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-28893 – WordPress Visual Text Editor plugin <= 1.2.1 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-28893
24 Mar 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Visual Text Editor allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/visual-text-editor/vulnerability/wordpress-visual-text-editor-plugin-1-2-1-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2673 – code-projects Payroll Management System home_employee.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-2673
23 Mar 2025 — A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of the file /home_employee.php. The manipulation of the argument division leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29806 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-29806
23 Mar 2025 — No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29806 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2650 – PHPGurukul Medical Card Generation System download-medical-cards.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-2650
23 Mar 2025 — A vulnerability, which was classified as problematic, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /download-medical-cards.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/liuhao2638/cve/issues/13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2645 – PHPGurukul Art Gallery Management System product.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-2645
23 Mar 2025 — A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /product.php. The manipulation of the argument artname leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/liuhao2638/cve/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2623 – westboy CicadasCMS save cross site scripting
https://notcve.org/view.php?id=CVE-2025-2623
22 Mar 2025 — A vulnerability was found in westboy CicadasCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/cms/content/save. The manipulation of the argument title/content/laiyuan leads to cross site scripting. The attack can be launched remotely. • https://github.com/IceFoxH/VULN/issues/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2617 – yangyouwang 杨有旺 crud 简约后台管理系统 Department Page cross site scripting
https://notcve.org/view.php?id=CVE-2025-2617
22 Mar 2025 — A vulnerability classified as problematic was found in yangyouwang 杨有旺 crud 简约后台管理系统 1.0.0. Affected by this vulnerability is an unknown functionality of the component Department Page. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/yangyouwang/crud/issues/IBSPOX • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2616 – yangyouwang 杨有旺 crud 简约后台管理系统 Role Management Page cross site scripting
https://notcve.org/view.php?id=CVE-2025-2616
22 Mar 2025 — A vulnerability classified as problematic has been found in yangyouwang 杨有旺 crud 简约后台管理系统 1.0.0. Affected is an unknown function of the component Role Management Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/yangyouwang/crud/issues/IBSPOX • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2303 – Block Logic <= 1.0.8 - Authenticated (Contributor+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-2303
21 Mar 2025 — The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.8 via the block_logic_check_logic function. This is due to the unsafe evaluation of user-controlled input. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. • https://plugins.trac.wordpress.org/browser/block-logic/tags/1.0.8/block-logic.php#L127 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2590 – code-projects Human Resource Management System recruitment.go UpdateRecruitmentById cross site scripting
https://notcve.org/view.php?id=CVE-2025-2590
21 Mar 2025 — A vulnerability was found in code-projects Human Resource Management System 1.0.1. It has been classified as problematic. Affected is the function UpdateRecruitmentById of the file \handler\recruitment.go. The manipulation of the argument c leads to cross site scripting. It is possible to launch the attack remotely. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •