2.1

CVSS4.0

CVE-2025-27512 - Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the `zincati` system user to use the actions `org.projectatomic.rpmostree1.deploy` to deploy updates to the system and `org.projectatomic.rpmostree1.finalize-deployment` to reboot the system into the d…

πŸ“… Published: March 17, 2025, 2:46 p.m. πŸ”„ Last Modified: March 17, 2025, 3:15 p.m.

6.9

CVSS4.0

CVE-2025-2381 - PHPGurukul Curfew e-Pass Management System search-pass.php sql injection

A vulnerability classified as critical has been found in PHPGurukul Curfew e-Pass Management System 1.0. Affected is an unknown function of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit …

πŸ“… Published: March 17, 2025, 2:31 p.m. πŸ”„ Last Modified: March 17, 2025, 3:15 p.m.

10

CVSS4.0

CVE-2025-1398 - macOS TCC Bypass via Code Injection

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.

πŸ“… Published: March 17, 2025, 2:19 p.m. πŸ”„ Last Modified: March 17, 2025, 3:15 p.m.

6.9

CVSS4.0

CVE-2025-2380 - PHPGurukul Apartment Visitors Management System admin-profile.php sql injection

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiated remotely. The…

πŸ“… Published: March 17, 2025, 2 p.m. πŸ”„ Last Modified: March 17, 2025, 3:14 p.m.

8.7

CVSS3.1

CVE-2025-0833 - Stored Cross-site Scripting (XSS) vulnerability affecting Route Management in ENOVIA Collaborative …

A stored Cross-site Scripting (XSS) vulnerability affecting Route Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

πŸ“… Published: March 17, 2025, 1:50 p.m. πŸ”„ Last Modified: March 17, 2025, 2:15 p.m.

8.7

CVSS3.1

CVE-2025-0832 - Stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Ind…

A stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

πŸ“… Published: March 17, 2025, 1:50 p.m. πŸ”„ Last Modified: March 17, 2025, 2:15 p.m.

8.7

CVSS3.1

CVE-2025-0830 - Stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manag…

A stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

πŸ“… Published: March 17, 2025, 1:50 p.m. πŸ”„ Last Modified: March 17, 2025, 2:15 p.m.

8.7

CVSS3.1

CVE-2025-0829 - Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industr…

A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

πŸ“… Published: March 17, 2025, 1:50 p.m. πŸ”„ Last Modified: March 17, 2025, 2:15 p.m.

8.7

CVSS3.1

CVE-2025-0828 - Stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Eng…

A stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

πŸ“… Published: March 17, 2025, 1:50 p.m. πŸ”„ Last Modified: March 17, 2025, 2:15 p.m.

8.7

CVSS3.1

CVE-2025-0827 - Stored Cross-site Scripting (XSS) vulnerability affecting 3DPlay in 3DSwymer from Release 3DEXPERIE…

A stored Cross-site Scripting (XSS) vulnerability affecting 3DPlay in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

πŸ“… Published: March 17, 2025, 1:49 p.m. πŸ”„ Last Modified: March 17, 2025, 2:15 p.m.
Total resulsts: 285602
Page 7 of 28,561
Β« previous page Β» next page
Filters