175 matches found
CVE-2026-35383 Bentley Systems iTwin Platform exposed access token
Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could use this token to enumerate or delete certain assets. As of 2026-03-27, the token is no longer present in the web pages and cannot be used to enumerate or delete...
Bentley Systems iTwin Platform 安全漏洞
Bentley Systems iTwin Platform is a digital twin cloud platform developed by Bentley Systems. It supports infrastructure data modeling and full-lifecycle management. There is a security vulnerability in Bentley Systems iTwin Platform, which stems from exposed access tokens in the web page source...
EUVD-2022-43501
Malicious code in bioql PyPI...
EUVD-2024-51771
Malicious code in bioql PyPI...
EUVD-2022-44804
Malicious code in bioql PyPI...
CVE-2024-53007
Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call...
CVE-2022-41613
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code...
CVE-2022-40201
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design DGN file is parsed. This may allow an attacker to execute arbitrary code...
CVE-2024-53007
Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call...
CVE-2024-53007
CVE-2024-53007 affects Bentley Systems ProjectWise Integration Server prior to 10.00.03.288. An authenticated user can cause unintended SQL query execution via an API call. The CVSS 3.1 base score is 6.4 (MEDIUM): attack vector LOCAL, privileges required LOW, user interaction NONE, with confident...
Bentley Systems ProjectWise Integration Server 安全漏洞
Bentley Systems ProjectWise Integration Server is an application from Bentley Systems, USA. A security vulnerability exists in Bentley Systems ProjectWise Integration Server versions prior to 10.00.03.288. An attacker could exploit the vulnerability to execute unexpected SQL queries via API calls...
CVE-2024-53007
Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call...
Bentley Systems Bentley View 安全漏洞
Bentley Systems Bentley View is a free viewer from Bentley Systems, USA. A security vulnerability exists in Bentley Systems Bentley View that originates from a specific flaw in the parsing of FBX files, which can be exploited by an attacker to execute code in the context of the current process...
Selected Bentley Systems Products Security Vulnerabilities
Bentley Systems eB System Management Console is a system management console from Bentley Systems, USA. A security vulnerability exists in some Bentley Systems products that originated from allowing an unauthenticated attacker to view configuration options via a specially crafted request, which...
CVE-2022-41613
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code...
CVE-2022-40201
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design DGN file is parsed. This may allow an attacker to execute arbitrary code...
Stack overflow
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design DGN file is parsed. This may allow an attacker to execute arbitrary code...
Out-of-bounds
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code...
CVE-2022-41613
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when parsing DGN files, potentially allowing a crash, information disclosure, or arbitrary code execution. Affected component/problem: DGN parsing in MicroStation Connect; root cause: out-o...
CVE-2022-41613
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code...