CVSS: 6.5EPSS: %CPEs: 1EXPL: 0CVE-2024-13557 – Shortcodes by United Themes <= 5.1.6 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-13557
28 Mar 2025 — The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: %CPEs: 1EXPL: 0CVE-2025-2803 – So-Called Air Quotes <= 0.1 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2025-2803
28 Mar 2025 — The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2878 – Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting
https://notcve.org/view.php?id=CVE-2025-2878
27 Mar 2025 — A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The manipulation of the argument new database leads to cross site scripting. The attack can be launched remotely. • https://devnet.kentico.com/download/hotfixes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30067 – Apache Kylin: The remote code execution via jdbc url
https://notcve.org/view.php?id=CVE-2025-30067
27 Mar 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. • https://lists.apache.org/thread/6j19pt8yoqfphf1lprtrzoqkvz1gwbnc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-2867 – Improper Control of Generation of Code ('Code Injection') in GitLab
https://notcve.org/view.php?id=CVE-2025-2867
27 Mar 2025 — An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users. • https://gitlab.com/gitlab-org/gitlab/-/issues/512509 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2025-29306
https://notcve.org/view.php?id=CVE-2025-29306
27 Mar 2025 — An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component. • https://github.com/somatrasss/CVE-2025-29306 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-2787 – Ingress-nginx vulnerability in KNIME Business Hub
https://notcve.org/view.php?id=CVE-2025-2787
26 Mar 2025 — KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower. Besides applying the publicly known workarounds, we strongly recommend updating to one of the following ver... • https://www.knime.com/security/advisories • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2025-28893 – WordPress Visual Text Editor plugin <= 1.2.1 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-28893
26 Mar 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Visual Text Editor allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/visual-text-editor/vulnerability/wordpress-visual-text-editor-plugin-1-2-1-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-55964
https://notcve.org/view.php?id=CVE-2024-55964
26 Mar 2025 — An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that datasource, and execute that query. • https://github.com/appsmithorg/appsmith/security/advisories/GHSA-m95x-4w54-gc83 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41643
https://notcve.org/view.php?id=CVE-2024-41643
26 Mar 2025 — An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate attacker to execute arbitrary code via the cshell login component. • https://gavpherk.github.io/GavinKelsey • CWE-94: Improper Control of Generation of Code ('Code Injection') •