Studio Security Vulnerabilities
Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto update in January 2024 or prior) and Sysmac Studio SYSMAC-SE2[][][] (The version which was...
8.3AI Score
IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator...
8.4CVSS
6.9AI Score
0.0004EPSS
Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted...
7.8AI Score
0.0004EPSS
VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running...
7.9AI Score
0.0004EPSS
Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted...
7.7AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.001EPSS
8.8CVSS
8.8AI Score
0.001EPSS
8.8CVSS
8.8AI Score
0.001EPSS
8.8CVSS
8.8AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.001EPSS
8.8CVSS
8.8AI Score
0.001EPSS
8.8CVSS
8.8AI Score
0.001EPSS
8.8CVSS
8.8AI Score
0.001EPSS
8.8CVSS
8.8AI Score
0.001EPSS
8.8CVSS
8.8AI Score
0.001EPSS
7.3CVSS
8.1AI Score
0.0004EPSS
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping the user supplied attribute....
6.4CVSS
6.1AI Score
0.0004EPSS
7.3CVSS
7.5AI Score
0.0004EPSS
7.5CVSS
7.3AI Score
0.0005EPSS
8.8CVSS
7.6AI Score
0.001EPSS
7.5CVSS
7.4AI Score
0.0005EPSS
Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details Need permission to use the "data import" function. This was reproduced on Label...
4.7CVSS
6.5AI Score
0.0004EPSS
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. Missing Encryption....
8.3CVSS
8.4AI Score
0.0004EPSS
7.5CVSS
7.4AI Score
0.003EPSS
7.5CVSS
7.4AI Score
0.001EPSS
: Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through...
7.5CVSS
7.4AI Score
0.0005EPSS
Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from...
7.8CVSS
7.4AI Score
0.0004EPSS
Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through...
7.8CVSS
7.7AI Score
0.001EPSS
Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4...
8.8CVSS
7.5AI Score
0.0004EPSS
An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command...
9.8CVSS
8.1AI Score
0.001EPSS
Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the SSRF_PROTECTION_ENABLED environment variable can be bypassed to...
5.3CVSS
7.2AI Score
0.001EPSS
In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the...
7.8CVSS
7.2AI Score
0.001EPSS
Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...
6.1CVSS
7.4AI Score
0.001EPSS
Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing...
5.4CVSS
5.8AI Score
0.023EPSS
Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in...
7.8CVSS
7.3AI Score
0.001EPSS
Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the...
7.8CVSS
8.2AI Score
0.001EPSS
Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different...
7.8CVSS
7.8AI Score
0.0004EPSS
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized...
7.8CVSS
7.5AI Score
0.0005EPSS
6.8CVSS
6.7AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.002EPSS
9.8CVSS
7.4AI Score
0.001EPSS
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass...
8.7CVSS
8.1AI Score
0.002EPSS
A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of.....
6.1CVSS
6.7AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.001EPSS
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target...
7.8CVSS
7.8AI Score
0.0004EPSS
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of...
7.1CVSS
7.3AI Score
0.0004EPSS
5.5CVSS
6.9AI Score
0.0005EPSS
7.5CVSS
6.9AI Score
0.002EPSS
9.8CVSS
7AI Score
0.001EPSS
5.5CVSS
7.3AI Score
0.0004EPSS