8 matches found
CVE-2025-0828
A stored Cross-site Scripting XSS vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
Dassault Systèmes ENOVIA Collaborative Industry Innovator 安全漏洞
Dassault Systèmes ENOVIA Collaborative Industry Innovator is an essential toolset for real-time, secure and structured collaboration and product content management for an engineering team at Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes ENOVIA Collaborative Indust...
CVE-2022-2024
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11...
PT-2024-37583 · Ds Systemes · Enovia Collaborative Industry Innovator
Name of the Vulnerable Software and Affected Versions: ENOVIA Collaborative Industry Innovator versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2024x Description: A reflected Cross-site Scripting XSS vulnerability allows an attacker to execute arbitrary script code in a user's browser session...
GHSA-XJM6-JFMG-QC6P Aimeos denial of service vulnerability in SaaS and marketplace setups
Impact All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack Patches Upgrade to the latest 2022.10 LTS, 2023.10 LTS and 2024.04.7 version of the aimeos/aimeos-core package...
CVE-2022-2024 OS Command Injection in gogs/gogs
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11...
CVE-2022-2024 OS Command Injection in gogs/gogs
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11...
CVE-2022-2024
Vulnerability summary (CVE-2022-2024) : Gogs (gogs/gogs) versions prior to 0.12.11 are affected by an OS Command Injection in the repository file upload path. The issue arises when a crafted config file is placed into a repository’s .git directory during uploads, enabling remote command execution...