CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-5120 – Sandbox Escape Vulnerability in huggingface/smolagents
https://notcve.org/view.php?id=CVE-2025-5120
27 Jul 2025 — This flaw undermines the core security boundary intended to isolate untrusted code, posing risks such as unauthorized code execution, data leakage, and potential integration-level compromise. • https://huntr.com/bounties/63ab1cfe-b573-4cf5-a7d3-fb6c957e34b0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2025-8222 – jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java cross site scripting
https://notcve.org/view.php?id=CVE-2025-8222
27 Jul 2025 — A vulnerability, which was classified as problematic, has been found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. Affected by this issue is some unknown functionality of the file GoodsController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.317810 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2025-8221 – jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsCustController.java goodsSearch cross site scripting
https://notcve.org/view.php?id=CVE-2025-8221
27 Jul 2025 — A vulnerability classified as problematic was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. Affected by this vulnerability is the function goodsSearch of the file GoodsCustController.java. The manipulation of the argument keyword leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.317809 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2025-8211 – Roothub SystemConfigAdminController.java edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-8211
26 Jul 2025 — A vulnerability was found in Roothub up to 2.6. It has been declared as problematic. Affected by this vulnerability is the function Edit of the file src/main/java/cn/roothub/web/admin/SystemConfigAdminController.java. The manipulation leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?id.317779 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-8206 – Comodo Dragon IP DNS Leakage Detector cross site scripting
https://notcve.org/view.php?id=CVE-2025-8206
26 Jul 2025 — A vulnerability, which was classified as problematic, was found in Comodo Dragon up to 134.0.6998.179. This affects an unknown part of the component IP DNS Leakage Detector. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The complexity of an attack is rather high. • https://vuldb.com/?id.317775 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 1CVE-2025-8191 – macrozheng mall Swagger UI index.html cross site scripting
https://notcve.org/view.php?id=CVE-2025-8191
26 Jul 2025 — A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.317604 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-54413 – skops' MethodNode can access unexpected object fields through dot notation, leading to arbitrary code execution at load time
https://notcve.org/view.php?id=CVE-2025-54413
26 Jul 2025 — This can be used to achieve arbitrary code execution at load time. • https://github.com/skops-dev/skops/security/advisories/GHSA-4v6w-xpmh-gfgp • CWE-351: Insufficient Type Distinction •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-54412 – skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution
https://notcve.org/view.php?id=CVE-2025-54412
26 Jul 2025 — This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. • https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3 • CWE-351: Insufficient Type Distinction •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-8167 – code-projects Church Donation System edit_members.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-8167
25 Jul 2025 — A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_members.php. The manipulation of the argument fname leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?id.317581 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-34138 – Sitecore XM/XP/XC and Managed Cloud 9.2 - 10.4 RCE
https://notcve.org/view.php?id=CVE-2025-34138
25 Jul 2025 — A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow remote code execution or unauthorized access to information. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 9.2 Initial Release through 10.4 Initial Release. PaaS and containerized solutions are similarly affected. A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience... • https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003743 • CWE-94: Improper Control of Generation of Code ('Code Injection') •