NuytsTech Security

NuytsTech Security

CVE-2025-4983

A stored Cross-site Scripting (XSS) vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user’s browser session. Assigner : 3DS.Information-Security@3ds.com More information...

CVE-2025-3611

Mattermost versions 10.7.x

CVE-2025-3230

Mattermost versions 10.7.x

CVE-2025-2571

Mattermost versions 10.7.x

CVE-2025-1792

Mattermost versions 10.7.x

CVE-2025-0602

A stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user’s browser session. Assigner :...

CVE-2025-48331

Insertion of Sensitive Information Into Sent Data vulnerability in Vanquish WooCommerce Orders & Customers Exporter allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Orders & Customers Exporter: from n/a through 5.0. Assigner : audit@patchstack.com...

CVE-2025-4598

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original’s privileged process coredump, allowing the...

CVE-2025-4433

Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both “User Management” and “User Group Management” permissions to perform privilege escalation by adding users to...

CVE-2025-40909

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order...

CVE-2025-2500

A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible...

CVE-2025-1484

A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this...

CVE-2025-5190

The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the ‘IS_BA_Browse_As::notice’ function with the ‘is_ba_original_user_COOKIEHASH’ cookie value....

CVE-2025-4944

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to...