8.7
CVE-2025-10556 - Stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specif…
A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
8.7
CVE-2025-10552 - Stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENC…
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
8.6
CVE-2025-11673 - PiExtract |SOOP-CLM - Hidden Functionality
SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.
9
CVE-2025-9976 - OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Rel…
An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute arbitrary code on the user's machine.
6.9
CVE-2025-11672 - EBM Technologies|Uniweb/SoliPACS WebServer - Missing Authentication
Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names.
5.3
CVE-2025-11667 - code-projects Automated Voting System add_candidate_modal.php. sql injection
A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_candidate_modal.php.. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has b…
6.9
CVE-2025-11671 - EBM Technologies|Uniweb/SoliPACS WebServer - Missing Authentication
Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain information such as account names and IP addresses.
8.4
CVE-2025-11666 - Tenda RP3 Pro Firmware Update force_upgrade.sh hard-coded password
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can only be executed lo…
8.7
CVE-2025-8915 - Hardcoded TLS private key in Kiloview N30 firmware
Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Mann-in-the-middle attack via the network
10
CVE-2025-9265 - API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects Kiloview NDI N30 and was fixed in Firmware version la…