2.1
CVE-2025-27512 - Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods
Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the `zincati` system user to use the actions `org.projectatomic.rpmostree1.deploy` to deploy updates to the system and `org.projectatomic.rpmostree1.finalize-deployment` to reboot the system into the dβ¦
6.9
CVE-2025-2381 - PHPGurukul Curfew e-Pass Management System search-pass.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Curfew e-Pass Management System 1.0. Affected is an unknown function of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit β¦
10
CVE-2025-1398 - macOS TCC Bypass via Code Injection
Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.
6.9
CVE-2025-2380 - PHPGurukul Apartment Visitors Management System admin-profile.php sql injection
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiated remotely. Theβ¦
8.7
CVE-2025-0833 - Stored Cross-site Scripting (XSS) vulnerability affecting Route Management in ENOVIA Collaborative β¦
A stored Cross-site Scripting (XSS) vulnerability affecting Route Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
8.7
CVE-2025-0832 - Stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Indβ¦
A stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
8.7
CVE-2025-0830 - Stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Managβ¦
A stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
8.7
CVE-2025-0829 - Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industrβ¦
A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
8.7
CVE-2025-0828 - Stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engβ¦
A stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
8.7
CVE-2025-0827 - Stored Cross-site Scripting (XSS) vulnerability affecting 3DPlay in 3DSwymer from Release 3DEXPERIEβ¦
A stored Cross-site Scripting (XSS) vulnerability affecting 3DPlay in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.