Studio Security Vulnerabilities
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different...
4.3CVSS
5.5AI Score
0.0005EPSS
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic...
7.5CVSS
8AI Score
0.001EPSS
An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are...
3.3CVSS
5.3AI Score
0.0004EPSS
Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to...
5.3CVSS
5.2AI Score
0.0005EPSS
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure...
9.8CVSS
9.3AI Score
0.001EPSS
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za...
5.4CVSS
5.4AI Score
0.0004EPSS
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API.....
5.4CVSS
5.6AI Score
0.0004EPSS
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Cross Site Request Forgery...
8.8CVSS
8.7AI Score
0.001EPSS
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via...
9.1CVSS
9.1AI Score
0.001EPSS
Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as...
8.8CVSS
8.6AI Score
0.001EPSS
Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded...
9.8CVSS
9.4AI Score
0.001EPSS
The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious...
8.8CVSS
9.1AI Score
0.001EPSS
6.6CVSS
6.2AI Score
0.001EPSS
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Studio Display Firmware Update 16.4. An app may be able to execute arbitrary code with kernel...
7.8CVSS
7.3AI Score
0.001EPSS
In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP...
7.5CVSS
7.6AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1...
4.8CVSS
4.9AI Score
0.0005EPSS
5.5CVSS
5.7AI Score
0.001EPSS
7.8CVSS
7.9AI Score
0.002EPSS
5.5CVSS
6AI Score
0.002EPSS
7.8CVSS
7.8AI Score
0.001EPSS
7.8CVSS
7.8AI Score
0.002EPSS
7.8CVSS
8AI Score
0.002EPSS
Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE)...
8.2CVSS
8.2AI Score
0.001EPSS
The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF...
6.5CVSS
6.4AI Score
0.001EPSS
7.8CVSS
7.8AI Score
0.001EPSS
5.6CVSS
6.4AI Score
0.0005EPSS
7.8CVSS
8.3AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
8.2AI Score
0.0004EPSS
7.3CVSS
8.1AI Score
0.001EPSS
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary backup operations and cause a denial-of-service...
8.1CVSS
8.5AI Score
0.0005EPSS
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted...
9.8CVSS
9.3AI Score
0.002EPSS
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its monitor services. An attacker could take advantage of this vulnerability to execute arbitrary maintenance operations and cause a denial-of-service...
8.1CVSS
8.5AI Score
0.0005EPSS
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. This could allow an attacker to start, stop, or restart...
6.5CVSS
7.1AI Score
0.001EPSS
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the monitor services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system....
7.2CVSS
7.6AI Score
0.002EPSS
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site scripting in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary...
9.6CVSS
9AI Score
0.002EPSS
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. This allows an attacker to send an exceedingly long payload, resulting in an out-of-bounds write to cause a denial-of-service...
9.8CVSS
9.5AI Score
0.002EPSS
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to several modules and services of the software. This could allow an attacker to delete arbitrary files and cause a denial-of-service...
6.5CVSS
7AI Score
0.001EPSS
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system.....
7.2CVSS
7.6AI Score
0.002EPSS
7.8CVSS
8AI Score
0.001EPSS
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended...
9.8CVSS
9.5AI Score
0.002EPSS
A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java. The manipulation leads to xml external entity reference....
4.3CVSS
4.8AI Score
0.001EPSS
A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to this misconfiguration, a malicious user could potentially achieve remote code...
7.8CVSS
7.8AI Score
0.001EPSS
7.8CVSS
8.7AI Score
0.001EPSS
A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal...
9.6CVSS
7.7AI Score
0.001EPSS
7.8CVSS
8AI Score
0.002EPSS
7.8CVSS
7.8AI Score
0.002EPSS
7.8CVSS
7.5AI Score
0.0005EPSS
7.4CVSS
7.4AI Score
0.002EPSS
7.8CVSS
7.8AI Score
0.0004EPSS