CVE-2024-0189 |
Description: A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teacher_message.php of the component Create Message Handler. The manipulation of the argument Content with the input alert(x) leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249502 is the identifier assigned to this vulnerability.
CVSS: LOW (3.5) EPSS Score: 0.07% SSVC Exploitation: poc
May 9th, 2025 (29 days ago)
|
CVE-2024-0557 |
Description: A vulnerability, which was classified as problematic, was found in DedeBIZ 6.3.0. This affects an unknown part of the component Website Copyright Setting. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250725 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: LOW (2.4) EPSS Score: 0.06% SSVC Exploitation: poc
May 9th, 2025 (29 days ago)
|
CVE-2024-0599 |
Description: A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java of the component Document Management Page. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250837 was assigned to this vulnerability.
CVSS: LOW (3.5) EPSS Score: 0.18% SSVC Exploitation: poc
May 9th, 2025 (29 days ago)
|
CVE-2025-47735 |
Description: inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-47735
https://github.com/Nugine/wgp/issues/1
https://github.com/advisories/GHSA-2w4w-4385-vh4h
CVSS: LOW (2.9) EPSS Score: 0.02%
May 9th, 2025 (29 days ago)
|
CVE-2025-47736 |
Description: dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-47736
https://github.com/gwenn/lemon-rs/issues/86
https://github.com/tursodatabase/libsql/issues/2052
https://github.com/gwenn/lemon-rs/pull/8
https://crates.io/crates/libsql-sqlite3-parser
https://github.com/advisories/GHSA-8m95-fffc-h4c5
CVSS: LOW (2.9) EPSS Score: 0.02%
May 9th, 2025 (29 days ago)
|
CVE-2025-47737 |
Description: lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-47737
https://github.com/Geal/trailer/issues/2
https://crates.io/crates/trailer
https://github.com/advisories/GHSA-6x45-r4pr-5362
CVSS: LOW (2.9) EPSS Score: 0.02%
May 9th, 2025 (29 days ago)
|
CVE-2025-4470 |
Description: A vulnerability classified as problematic was found in SourceCodester Online Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-student.php. The manipulation of the argument Fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS: LOW (2.4) EPSS Score: 0.03%
May 9th, 2025 (30 days ago)
|
CVE-2025-47737 |
Description: lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero.
CVSS: LOW (2.9) EPSS Score: 0.02%
May 9th, 2025 (30 days ago)
|
CVE-2025-47736 |
Description: dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8.
CVSS: LOW (2.9) EPSS Score: 0.02%
May 9th, 2025 (30 days ago)
|
CVE-2025-47735 |
Description: inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization.
CVSS: LOW (2.9) EPSS Score: 0.02%
May 9th, 2025 (30 days ago)
|