CVE-2024-13917 |
Description: An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data.
Exposed ”com.pri.applock.LockUI“ activity allows any other malicious application, with no granted Android system permissions, to inject an arbitrary intent with system-level privileges to a protected application. One must know the protecting PIN number (it might be revealed by exploiting CVE-2024-13916) or ask the user to provide it.
Vendor did not provide information about vulnerable versions.
Only version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability
CVSS: HIGH (8.3) SSVC Exploitation: none
May 30th, 2025 (about 2 hours ago)
|
![]() |
Description: An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data.
This issue affects Apache Superset: before 4.1.2.
Users are recommended to upgrade to version 4.1.2, which fixes the issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-48912
https://lists.apache.org/thread/ms2t2oq218hb7l628trsogo4fj7h1135
https://github.com/advisories/GHSA-8w7f-8pr9-xgwj
CVSS: HIGH (7.1)
May 30th, 2025 (about 2 hours ago)
|
![]() |
Description: Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-41235
https://spring.io/security/cve-2025-41235
https://github.com/advisories/GHSA-6j2q-c73v-97c5
CVSS: HIGH (8.6)
May 30th, 2025 (about 2 hours ago)
|
CVE-2025-4992 |
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVSS: HIGH (8.7)
May 30th, 2025 (about 3 hours ago)
|
CVE-2025-4991 |
Description: A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVSS: HIGH (8.7)
May 30th, 2025 (about 3 hours ago)
|
CVE-2025-4990 |
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVSS: HIGH (8.7)
May 30th, 2025 (about 3 hours ago)
|
CVE-2025-4989 |
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVSS: HIGH (8.7)
May 30th, 2025 (about 3 hours ago)
|
CVE-2025-4988 |
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
CVSS: HIGH (8.7)
May 30th, 2025 (about 3 hours ago)
|
CVE-2025-4986 |
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVSS: HIGH (8.7)
May 30th, 2025 (about 3 hours ago)
|
CVE-2025-4985 |
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVSS: HIGH (8.7)
May 30th, 2025 (about 3 hours ago)
|