Latest CVE Feed
- 4.3 MEDIUM CVE-2025-25621
  Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacher_id=2&semester_id=1.
  - Affected Products: unifiedtransform
  - Published: Mar. 17, 2025
  - Modified: Jun. 24, 2025
  - Vuln Type: Authorization
- 3.3 LOW CVE-2025-25618
  Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers.
  - Affected Products: unifiedtransform
  - Published: Mar. 17, 2025
  - Modified: Jun. 24, 2025
  - Vuln Type: Authorization
- 7.1 HIGH CVE-2025-25612
  FS Inc S3150-8T2F prior to version S3150-8T2F_2.2.0D_135103 is vulnerable to Cross Site Scripting (XSS) in the Time Range Configuration functionality of the administration interface. An attacker can inject malicious JavaScript into the "Time Range Name" f...
  - Published: Mar. 17, 2025
  - Modified: Mar. 17, 2025
  - Vuln Type: Cross-Site Scripting
- 6.3 MEDIUM CVE-2025-1774
  Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be i...
  - Published: Mar. 17, 2025
  - Modified: Mar. 17, 2025
  - Vuln Type: Injection
- 3.3 LOW CVE-2025-1398
  Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.
  - Published: Mar. 17, 2025
  - Modified: Mar. 31, 2025
  - Vuln Type: Misconfiguration
- 9.8 CRITICAL CVE-2025-2380
  A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injectio...
  - Affected Products: apartment_visitors_management_system
  - Published: Mar. 17, 2025
  - Modified: May. 06, 2025
  - Vuln Type: Injection
- 9.8 CRITICAL CVE-2025-2379
  A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /create-pass.php. The manipulation of the argument visname leads to sql injection. The ...
  - Affected Products: apartment_visitors_management_system
  - Published: Mar. 17, 2025
  - Modified: May. 06, 2025
  - Vuln Type: Injection
- 6.5 MEDIUM CVE-2025-29788
  The Sylius PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item q...
  - Affected Products: sylius
  - Published: Mar. 17, 2025
  - Modified: Mar. 17, 2025
  - Vuln Type: Authorization
- 7.3 HIGH CVE-2025-29787
  `zip` is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the `zip` crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive...
  - Affected Products: zip
  - Published: Mar. 17, 2025
  - Modified: Mar. 17, 2025
  - Vuln Type: Path Traversal
- 7.5 HIGH CVE-2025-29786
  Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for ea...
  - Published: Mar. 17, 2025
  - Modified: Mar. 17, 2025
  - Vuln Type: Denial of Service
- 5.4 MEDIUM CVE-2025-27102
  Agate is central authentication server software for OBiBa epidemiology applications. Prior to version 3.3.0, when registering for an Agate account, arbitrary HTML code can be injected into a user's first and last name. This HTML is then rendered in the em...
  - Published: Mar. 17, 2025
  - Modified: Mar. 17, 2025
  - Vuln Type: Cross-Site Scripting
- 8.7 HIGH CVE-2025-0833
  A stored Cross-site Scripting (XSS) vulnerability affecting Route Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's brow...
  - Affected Products: 3dexperience
  - Published: Mar. 17, 2025
  - Modified: Mar. 17, 2025
  - Vuln Type: Cross-Site Scripting
- 8.7 HIGH CVE-2025-0832
  A stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser...
  - Affected Products: 3dexperience
  - Published: Mar. 17, 2025
  - Modified: Mar. 17, 2025
  - Vuln Type: Cross-Site Scripting
- 8.7 HIGH CVE-2025-0830
  A stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
  - Published: Mar. 17, 2025
  - Modified: Mar. 17, 2025
  - Vuln Type: Cross-Site Scripting
- 8.7 HIGH CVE-2025-0829
  A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser ses...
  - Affected Products: 3dexperience
  - Published: Mar. 17, 2025
  - Modified: Mar. 17, 2025
  - Vuln Type: Cross-Site Scripting
- 8.7 HIGH CVE-2025-0828
  A stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's bro...
  - Published: Mar. 17, 2025
  - Modified: Mar. 17, 2025
  - Vuln Type: Cross-Site Scripting
- 8.7 HIGH CVE-2025-0827
  A stored Cross-site Scripting (XSS) vulnerability affecting 3DPlay in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
  - Affected Products: 3dexperience
  - Published: Mar. 17, 2025
  - Modified: Mar. 17, 2025
  - Vuln Type: Cross-Site Scripting
- 8.7 HIGH CVE-2025-0826
  A stored Cross-site Scripting (XSS) vulnerability affecting 3D Navigate in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser s...
  - Affected Products: 3dexperience
  - Published: Mar. 17, 2025
  - Modified: Mar. 17, 2025
  - Vuln Type: Cross-Site Scripting
- 8.7 HIGH CVE-2025-0601
  A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's brow...
  - Affected Products: 3dexperience
  - Published: Mar. 17, 2025
  - Modified: Mar. 17, 2025
  - Vuln Type: Cross-Site Scripting
- 8.7 HIGH CVE-2025-0600
  A stored Cross-site Scripting (XSS) vulnerability affecting Product Explorer in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
  - Affected Products: 3dexperience
  - Published: Mar. 17, 2025
  - Modified: Mar. 17, 2025
  - Vuln Type: Cross-Site Scripting