Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    CVSS31
    CVE-2025-4986

    A stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 8.7

    CVSS31
    CVE-2025-4985

    A stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 8.7

    CVSS31
    CVE-2025-4984

    A stored Cross-site Scripting (XSS) vulnerability affecting City Discover in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 8.7

    CVSS31
    CVE-2025-4983

    A stored Cross-site Scripting (XSS) vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 3.1

    CVSS31
    CVE-2025-3611

    Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have... Read more

    Affected Products : mattermost_server
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 5.4

    CVSS31
    CVE-2025-3230

    Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token va... Read more

    Affected Products : mattermost_server
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 4.2

    CVSS31
    CVE-2025-2571

    Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google... Read more

    Affected Products : mattermost_server
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 3.1

    CVSS31
    CVE-2025-1792

    Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels v... Read more

    Affected Products : mattermost_server
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 8.7

    CVSS31
    CVE-2025-0602

    A stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 4.3

    CVSS31
    CVE-2024-7097

    An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors t... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 4.2

    CVSS31
    CVE-2024-7096

    A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: * S... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 4.7

    CVSS31
    CVE-2025-4598

    A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as ... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 7.5

    CVSS31
    CVE-2025-48331

    Insertion of Sensitive Information Into Sent Data vulnerability in Vanquish WooCommerce Orders & Customers Exporter allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Orders & Customers Exporter: from n/a through 5.0.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 8.8

    CVSS31
    CVE-2025-4433

    Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups wi... Read more

    Affected Products : devolutions_server
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 5.9

    CVSS31
    CVE-2025-40909

    Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for ... Read more

    Affected Products : perl
    • Published: May. 30, 2025
    • Modified: May. 31, 2025

  • 7.4

    CVSS31
    CVE-2025-2500

    A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible password attack could be expanded.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 6.5

    CVSS31
    CVE-2025-1484

    A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a reque... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
Showing 20 of 97 Results
© cvefeed.io
Latest DB Update: Jun. 01, 2025 12:43