Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2024-32054

Malicious code in bioql PyPI...

8.4CVSS6.6AI score0.00417EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.29 views

EUVD-2025-18212

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00205EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/14 8:17 p.m.13 views

CVE-2025-2745

A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that, if exploited, could allow an authenticated attacker with privileges to create/update annotations or upload media files to persist arbitrary JavaScript code that will be executed by users who were...

6.5CVSS6.2AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2025/06/12 8:15 p.m.49 views

CVE-2025-2745

A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that, if exploited, could allow an authenticated attacker with privileges to create/update annotations or upload media files to persist arbitrary JavaScript code that will be executed by users who were...

6.5CVSS0.00205EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/12 7:42 p.m.13 views

CVE-2025-2745 AVEVA PI Web API Cross-site Scripting

A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that, if exploited, could allow an authenticated attacker with privileges to create/update annotations or upload media files to persist arbitrary JavaScript code that will be executed by users who were...

6.5CVSS6.5AI score0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/12 7:42 p.m.52 views

CVE-2025-2745 AVEVA PI Web API Cross-site Scripting

A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that, if exploited, could allow an authenticated attacker with privileges to create/update annotations or upload media files to persist arbitrary JavaScript code that will be executed by users who were...

6.5CVSS0.00205EPSS
Exploits0References2
CVE
CVE
added 2025/06/12 7:42 p.m.71 views

CVE-2025-2745

CVE-2025-2745 is a cross-site scripting vulnerability in AVEVA PI Web API (versions 2023 SP1 and prior). The root cause is improper handling that allows an authenticated attacker, with privileges to create/update annotations or upload media files, to persist arbitrary JavaScript code. The code co...

6.5CVSS6.3AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.9 views

PT-2025-25349 · Aveva · Aveva Pi Web Api

Name of the Vulnerable Software and Affected Versions: AVEVA PI Web API versions 2023 SP1 and prior Description: A cross-site scripting issue exists that could allow an authenticated attacker with privileges to create or update annotations, or upload media files, to persist arbitrary JavaScript...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 9:21 a.m.6 views

CVE-2024-3468

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker...

8.4CVSS7.2AI score0.00417EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/06/21 12:0 a.m.6 views

The vulnerability of the PI AVEVA PI Web API interface, related to the restoration of unreliable data in memory, allows a hacker to execute arbitrary code.

The vulnerability of the PI AVEVA PI Web API interface is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially created data...

8.7CVSS6AI score0.00417EPSS
Exploits0References4
NVD
NVD
added 2024/06/12 9:15 p.m.36 views

CVE-2024-3468

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker...

8.4CVSS0.00417EPSS
Exploits0References1
CVE
CVE
added 2024/06/12 9:4 p.m.91 views

CVE-2024-3468

CVE-2024-3468 affects AVEVA PI Web API (versions 2023 and earlier). The vulnerability is Deserialization of Untrusted Data that could allow malicious code to execute in the PI Web API environment when an interactive user is socially engineered to use API XML import payloads. CVSS details indicate...

8.4CVSS7.3AI score0.00417EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/12 9:4 p.m.13 views

CVE-2024-3468 Deserialization of Untrusted Data in AVEVA PI Web API

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker...

8.4CVSS7.3AI score0.00417EPSS
Exploits0References1
Rows per page
Query Builder