Studio Security Vulnerabilities
7.8CVSS
7.9AI Score
0.011EPSS
7.8CVSS
7.9AI Score
0.106EPSS
7.8CVSS
6.2AI Score
0.001EPSS
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz...
7.5CVSS
7.2AI Score
0.025EPSS
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip...
7.5CVSS
7.4AI Score
0.012EPSS
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz...
7.5CVSS
7.1AI Score
0.021EPSS
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar...
7.5CVSS
7.3AI Score
0.014EPSS
Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming...
7.8CVSS
7.8AI Score
0.001EPSS
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as...
9.8CVSS
9.6AI Score
0.016EPSS
7.3CVSS
7.1AI Score
0.001EPSS
5.9CVSS
6.1AI Score
0.002EPSS
7.8CVSS
7.9AI Score
0.101EPSS
7.8CVSS
7.9AI Score
0.101EPSS
7.8CVSS
7.9AI Score
0.101EPSS
7.3CVSS
7.1AI Score
0.002EPSS
8.8CVSS
8.8AI Score
0.013EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.8AI Score
0.003EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.8AI Score
0.003EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.8AI Score
0.003EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.8AI Score
0.003EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.8AI Score
0.003EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.8AI Score
0.003EPSS
Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS...
5.4CVSS
5.2AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.079EPSS
7.8CVSS
7.8AI Score
0.079EPSS
7.8CVSS
7.7AI Score
0.079EPSS
7CVSS
7.2AI Score
0.024EPSS
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution...
7.8CVSS
7.8AI Score
0.079EPSS
7.8CVSS
7.8AI Score
0.079EPSS
7.8CVSS
7.7AI Score
0.079EPSS
7.8CVSS
7.7AI Score
0.079EPSS
7.8CVSS
7.7AI Score
0.079EPSS
7.8CVSS
8AI Score
0.0005EPSS
7.8CVSS
8AI Score
0.0005EPSS
7.8CVSS
8AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path...
The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain...
7.8CVSS
7.6AI Score
0.0004EPSS
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The...
5.9CVSS
6AI Score
0.186EPSS
The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration...
9.8CVSS
9.6AI Score
0.007EPSS
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and.....
7.4CVSS
7.2AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.013EPSS
7.8CVSS
7.8AI Score
0.013EPSS
7.8CVSS
7.8AI Score
0.013EPSS
7.8CVSS
7.8AI Score
0.013EPSS
7.8CVSS
7.8AI Score
0.013EPSS
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730,...
9.8CVSS
9.4AI Score
0.009EPSS
In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to...
5.4CVSS
5.4AI Score
0.001EPSS
7.8CVSS
7.9AI Score
0.012EPSS
8.1CVSS
8.3AI Score
0.081EPSS