CVE-2025-66837

A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware...

CVE-2025-66838

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustio...

CVE-2025-66837

A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware...

CVE-2025-66837

A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware...

CVE-2025-66838

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustio...

CVE-2025-66838

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustio...

CVE-2025-66838

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustio...

PT-2026-1864

Name of the Vulnerable Software and Affected Versions ARIS version 10.0.23.0.3587512 Description A file upload issue exists in ARIS version 10.0.23.0.3587512. Attackers can potentially execute arbitrary code by uploading a specially crafted PDF file containing malware. The vulnerability involves...

Software ARIS 安全漏洞

Software ARIS is a business process analysis tool from Software, Germany. A security vulnerability exists in Software ARIS version 10.0.23.0.3587512, which stems from a flaw in the file upload functionality that could lead to the execution of arbitrary code...

CVE-2025-66837

A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware...

CVE-2025-66837

A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware...

CVE-2025-66838

The CVE describes an issue in ARIS prior to version 10.0.23.0.3587512 where the file upload function does not enforce rate limiting/throttling. This allows an attacker to upload a large volume of files at an unrestricted rate, potentially causing resource exhaustion such as disk space depletion, ...

CVE-2025-66838

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustio...

CVE-2025-66837

CVE-2025-66837 concerns ARIS 10.0.23.0.3587512, where a file upload vulnerability in the upload handling could allow an attacker to execute arbitrary code by submitting a crafted PDF file containing malware. The NVD entry lists a CVSSv3.1 base score of 6.8 (Medium) with network attack vector, hig...

Software ARIS 安全漏洞

Software ARIS is a business process analysis tool from Software, Germany. A security vulnerability exists in Software ARIS 10.0.23.0.3587512 and prior versions, which stems from a lack of rate limiting in the file upload functionality and could lead to resource exhaustion...

PT-2026-1865

Name of the Vulnerable Software and Affected Versions Aris versions prior to 10.0.23.0.3587512 Description The file upload functionality does not implement rate limiting or throttling, enabling unrestricted file uploads. This allows an attacker to upload a large number of files quickly, potential...

EUVD-2010-2146

Malware in sbrugna...

ARIS: Business Process Management 10.0.21.0 Cross Site Scripting

Exploit Title: Stored Cross-Site Scripting XSS in ARIS: Business Process Management Edition Version 10.0.21.0 Exploit Author: Seid Yassin Date: 2024-03-28 Vendor: Software AG Software Link: https://aris.com/ Version: ARIS: Business Process Management Description: Discovered a file upload feature...

The vulnerability of the built-in software of the ARIS controller lies in the ability to download unlimited files of a dangerous type, allowing a perpetrator to execute arbitrary code.

The vulnerability of the built-in software of the ARIS controller is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted file...

The vulnerability of the built-in software of the ARIS controller, related to uncontrolled resource consumption, allows a intruder to cause a service failure.

The vulnerability of the built-in software of the ARIS controller is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by loading a specially crafted file...