
CVE-2025-44182
https://notcve.org/view.php?id=CVE-2025-44182
15 May 2025 — This allows attackers to execute arbitrary code. • https://phpgurukul.com/vehicle-record-system-using-php-and-mysql • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-46052
https://notcve.org/view.php?id=CVE-2025-46052
15 May 2025 — An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php • https://github.com/johnchd/CVEs/blob/main/WebERP/CVE-2025-46052%20-%20SQLi.md •

CVE-2025-46053
https://notcve.org/view.php?id=CVE-2025-46053
15 May 2025 — A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php • https://www.weberp.org •

CVE-2025-0134 – Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VM
https://notcve.org/view.php?id=CVE-2025-0134
14 May 2025 — A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM. • https://security.paloaltonetworks.com/CVE-2025-0134 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-47782 – motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
https://notcve.org/view.php?id=CVE-2025-47782
14 May 2025 — In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as the motionEye run user (`motion` by default). • https://github.com/motioneye-project/motioneye/issues/3142 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-47777 – 5ire Client Vulnerable to Cross-Site Scripting (XSS) and Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2025-47777
14 May 2025 — This, in turn, can lead to Remote Code Execution (RCE) via unsafe Electron protocol handling and exposed Electron APIs. • https://positive.security/blog/url-open-rce • CWE-20: Improper Input Validation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-4126 – EG-Series <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
https://notcve.org/view.php?id=CVE-2025-4126
14 May 2025 — This makes it possible for authenticated attackers - with contributor-level access and above, on sites with the Classic Editor plugin activated - to inject arbitrary JavaScript code in the titletag attribute that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/eg-series/trunk/lib/eg-plugin.inc.php#L546 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVE-2025-3917 – 百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.0.6 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-3917
14 May 2025 — The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/baiduseo/tags/2.0.6/inc/index/youhua.php#L371 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-47292 – Cap Collectif vulnerable to insecure deserialization leading to remote code execution
https://notcve.org/view.php?id=CVE-2025-47292
14 May 2025 — Exploitation of this vulnerability can lead to Remote Code Execution. • https://github.com/cap-collectif/cap-collectif/commit/812f2a7d271b76deab1175bdaf2be0b8102dd198 • CWE-502: Deserialization of Untrusted Data •

CVE-2024-24780 – Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function
https://notcve.org/view.php?id=CVE-2024-24780
14 May 2025 — Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. • https://lists.apache.org/thread/xphtm98v3zsk9vlpfh481m1ry2ctxvmj • CWE-94: Improper Control of Generation of Code ('Code Injection') •