Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-13917
Intent Injection in Kruger&Matz AppLock application
Description: An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious application, with no granted Android system permissions, to inject an arbitrary intent with system-level privileges to a protected application. One must know the protecting PIN number (it might be revealed by exploiting CVE-2024-13916) or ask the user to provide it. Vendor did not provide information about vulnerable versions. Only version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability

CVSS: HIGH (8.3)

SSVC Exploitation: none

Source: CVE
May 30th, 2025 (about 2 hours ago)
[apache-superset] Apache Superset: Improper authorization bypass on row level security via SQL Injection
Description: An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data. This issue affects Apache Superset: before 4.1.2. Users are recommended to upgrade to version 4.1.2, which fixes the issue. References https://nvd.nist.gov/vuln/detail/CVE-2025-48912 https://lists.apache.org/thread/ms2t2oq218hb7l628trsogo4fj7h1135 https://github.com/advisories/GHSA-8w7f-8pr9-xgwj

CVSS: HIGH (7.1)

Source: Github Advisory Database (PIP)
May 30th, 2025 (about 2 hours ago)
[org.springframework.cloud:spring-cloud-gateway-server] Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies
Description: Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. References https://nvd.nist.gov/vuln/detail/CVE-2025-41235 https://spring.io/security/cve-2025-41235 https://github.com/advisories/GHSA-6j2q-c73v-97c5

CVSS: HIGH (8.6)

Source: Github Advisory Database (Maven)
May 30th, 2025 (about 2 hours ago)

CVE-2025-4992
Stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x thr...
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

CVSS: HIGH (8.7)

Source: CVE
May 30th, 2025 (about 3 hours ago)

CVE-2025-4991
Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Re...
Description: A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

CVSS: HIGH (8.7)

Source: CVE
May 30th, 2025 (about 3 hours ago)

CVE-2025-4990
Stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DE...
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

CVSS: HIGH (8.7)

Source: CVE
May 30th, 2025 (about 3 hours ago)

CVE-2025-4989
Stored Cross-site Scripting (XSS) vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERI...
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

CVSS: HIGH (8.7)

Source: CVE
May 30th, 2025 (about 3 hours ago)

CVE-2025-4988
Stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2...
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

CVSS: HIGH (8.7)

Source: CVE
May 30th, 2025 (about 3 hours ago)

CVE-2025-4986
Stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEX...
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

CVSS: HIGH (8.7)

Source: CVE
May 30th, 2025 (about 3 hours ago)

CVE-2025-4985
Stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Rel...
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

CVSS: HIGH (8.7)

Source: CVE
May 30th, 2025 (about 3 hours ago)