
CVE-2025-3157 – Intelbras WRN 150 Wireless Menu cross site scripting
https://notcve.org/view.php?id=CVE-2025-3157
03 Apr 2025 — A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. It has been rated as problematic. This issue affects some unknown processing of the component Wireless Menu. The manipulation of the argument SSID leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?id.303101 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2945 – pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
https://notcve.org/view.php?id=CVE-2025-2945
03 Apr 2025 — The vulnerability is associated with two POST endpoints: /sqleditor/query_tool/download, where the query_commited parameter, and /cloud/deploy, where the high_availability parameter, is unsafely passed to the Python eval() function, allowing arbitrary code execution. • https://github.com/pgadmin-org/pgadmin4/issues/8603 •

CVE-2025-3152 – caipeichao ThinkOX Search search.html cross site scripting
https://notcve.org/view.php?id=CVE-2025-3152
03 Apr 2025 — A vulnerability classified as problematic has been found in caipeichao ThinkOX 1.0. This affects an unknown part of the file /ThinkOX-master/index.php?s=/Weibo/Index/search.html of the component Search. The manipulation of the argument keywords leads to cross site scripting. It is possible to initiate the attack remotely. • https://github.com/dtwin88/cve-md/blob/main/ThinkOX1.0/ThinkOX1.0.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3149 – itning Student Homework Management System Edit Job Page fileupload cross site scripting
https://notcve.org/view.php?id=CVE-2025-3149
03 Apr 2025 — A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shw_war/fileupload of the component Edit Job Page. The manipulation of the argument Course leads to cross site scripting. It is possible to launch the attack remotely. • https://gitee.com/nwtmd5/cve/issues/IBVLXL • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-0014
https://notcve.org/view.php?id=CVE-2025-0014
02 Apr 2025 — Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html • CWE-276: Incorrect Default Permissions •

CVE-2025-31722
https://notcve.org/view.php?id=CVE-2025-31722
02 Apr 2025 — In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. • https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3505 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-30580 – WordPress DigiWidgets Image Editor <= 1.10 - Remote Code Execution (RCE) Vulnerability
https://notcve.org/view.php?id=CVE-2025-30580
01 Apr 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound DigiWidgets Image Editor allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/digiwidgets-image-editor/vulnerability/wordpress-digiwidgets-image-editor-1-10-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-30065 – Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
https://notcve.org/view.php?id=CVE-2025-30065
01 Apr 2025 — Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the issue. • https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-30911 – WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability
https://notcve.org/view.php?id=CVE-2025-30911
01 Apr 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. • https://patchstack.com/database/wordpress/plugin/rometheme-for-elementor/vulnerability/wordpress-romethemekit-for-elementor-plugin-1-5-4-arbitrary-plugin-installation-activation-to-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3051 – Linux::Statm::Tiny for Perl allows untrusted code to be included from the current working directory
https://notcve.org/view.php?id=CVE-2025-3051
01 Apr 2025 — If an attacker can place a malicious file in the current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. • https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html • CWE-427: Uncontrolled Search Path Element •