CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 1CVE-2025-3164 – Tencent Music Entertainment SuperSonic H2 Database Connection testConnect code injection
https://notcve.org/view.php?id=CVE-2025-3164
03 Apr 2025 — The manipulation leads to code injection. ... Mittels dem Manipulieren mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://vuldb.com/?id.303110 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2025-3163 – InternLM LMDeploy conf.py open code injection
https://notcve.org/view.php?id=CVE-2025-3163
03 Apr 2025 — The manipulation leads to code injection. ... Durch Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://vuldb.com/?id.303109 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3157 – Intelbras WRN 150 Wireless Menu cross site scripting
https://notcve.org/view.php?id=CVE-2025-3157
03 Apr 2025 — A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. It has been rated as problematic. This issue affects some unknown processing of the component Wireless Menu. The manipulation of the argument SSID leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?id.303101 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2945 – pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
https://notcve.org/view.php?id=CVE-2025-2945
03 Apr 2025 — The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution. The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eva... • https://github.com/pgadmin-org/pgadmin4/issues/8603 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3152 – caipeichao ThinkOX Search search.html cross site scripting
https://notcve.org/view.php?id=CVE-2025-3152
03 Apr 2025 — A vulnerability classified as problematic has been found in caipeichao ThinkOX 1.0. This affects an unknown part of the file /ThinkOX-master/index.php?s=/Weibo/Index/search.html of the component Search. The manipulation of the argument keywords leads to cross site scripting. It is possible to initiate the attack remotely. • https://github.com/dtwin88/cve-md/blob/main/ThinkOX1.0/ThinkOX1.0.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 8EXPL: 1CVE-2025-3149 – itning Student Homework Management System Edit Job Page fileupload cross site scripting
https://notcve.org/view.php?id=CVE-2025-3149
03 Apr 2025 — A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shw_war/fileupload of the component Edit Job Page. The manipulation of the argument Course leads to cross site scripting. It is possible to launch the attack remotely. • https://gitee.com/nwtmd5/cve/issues/IBVLXL • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45198
https://notcve.org/view.php?id=CVE-2024-45198
03 Apr 2025 — insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution. Insightsoftware Spark JDBC 2.6.21 presenta una vulnerabilidad de ejecución remota de código. Los atacantes pueden inyectar parámetros maliciosos en la URL de JDBC, lo que activa la inyección JNDI durante el proceso cua... • https://gist.github.com/azraelxuemo/ef11311ae0633cbd3d794f73c64e3877 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45199
https://notcve.org/view.php?id=CVE-2024-45199
03 Apr 2025 — insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution. Insightsoftware Hive JDBC hasta la versión 2.6.13 presenta una vulnerabilidad de ejecución remota de código. Los atacantes pueden inyectar parámetros maliciosos en la URL de JDBC, lo que desencadena la inyección... • https://gist.github.com/azraelxuemo/d019ad079d540ef28870dbd9552a7c62 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-26818
https://notcve.org/view.php?id=CVE-2025-26818
03 Apr 2025 — Netwrix Password Secure through 9.2 allows command injection. Netwrix Password Secure hasta la versión 9.2 permite la inyección de comandos. • https://helpcenter.netwrix.com/bundle/PasswordSecure_9.2_ReleaseNotes/resource/Netwrix_PasswordSecure_9.2_BugFixList.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0014
https://notcve.org/view.php?id=CVE-2025-0014
02 Apr 2025 — Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html • CWE-276: Incorrect Default Permissions •