
CVE-2025-0119 – Cortex XDR Broker VM: Authenticated Command Injection Vulnerability in Broker VM
https://notcve.org/view.php?id=CVE-2025-0119
11 Apr 2025 — A command injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary OS commands with root privileges on the host operating system running Broker VM. • https://security.paloaltonetworks.com/CVE-2025-0119 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-32075 – IP and user agent leaks in Extension:Tabs
https://notcve.org/view.php?id=CVE-2025-32075
11 Apr 2025 — Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Tabs Extension allows Code Injection. This issue affects Mediawiki - Tabs Extension: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/q/I03bec9528ee3ed05f35187458cde4e2fc4b51092 • CWE-20: Improper Input Validation •

CVE-2023-42970
https://notcve.org/view.php?id=CVE-2023-42970
11 Apr 2025 — Processing web content may lead to arbitrary code execution. • https://support.apple.com/en-us/120330 • CWE-416: Use After Free •

CVE-2023-42875
https://notcve.org/view.php?id=CVE-2023-42875
11 Apr 2025 — Processing web content may lead to arbitrary code execution. • https://support.apple.com/en-us/120330 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-13861
https://notcve.org/view.php?id=CVE-2024-13861
11 Apr 2025 — A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users to execute arbitrary code as root. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250411-taegis-agent-lpe • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-0125 – PAN-OS: Improper Neutralization of Input in the Management Web Interface
https://notcve.org/view.php?id=CVE-2025-0125
11 Apr 2025 — An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended criti... • https://security.paloaltonetworks.com/CVE-2025-0125 • CWE-83: Improper Neutralization of Script in Attributes in a Web Page •

CVE-2025-32383 – MaxKB has a reverse shell vulnerability in function library
https://notcve.org/view.php?id=CVE-2025-32383
10 Apr 2025 — MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). A reverse shell vulnerability exists in the function library module. The vulnerability allows privileged users to create a reverse shell. This vulnerability is fixed in v1.10.4-lts. • https://github.com/1Panel-dev/MaxKB/commit/4ae02c8d3eb65542c88ef58c0abd94c52c949d8f • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3489 – Nababur Simple-User-Management-System register.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-3489
10 Apr 2025 — A vulnerability was found in Nababur Simple-User-Management-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument name/username leads to cross site scripting. The attack may be launched remotely. • https://vuldb.com/?ctiid.304298 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3422 – Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2025-3422
10 Apr 2025 — The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/changeset/3268742 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2632 – Out of Bounds Write Vulnerability in NI LabVIEW reading CPU info from cache
https://notcve.org/view.php?id=CVE-2025-2632
09 Apr 2025 — An out-of-bounds write vulnerability, due to improper bounds checking when NI LabVIEW reads CPU info from cache, may result in information disclosure or arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-vulnerabilities-in-ni-labview.html • CWE-787: Out-of-bounds Write •