CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-26682

Malware in sbrugna...

5.4CVSS5.6AI score0.00253EPSS

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-36331

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.0023EPSS

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-38110

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00171EPSS

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-38109

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.00171EPSS

NVD•added 2025/10/03 4:16 p.m.•2 views

CVE-2025-34226

OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epochtime field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate...

7.1CVSS0.00178EPSS

Vulnrichment•added 2025/10/03 3:36 p.m.•4 views

CVE-2025-34226 OpenPLC Runtime v3 Persistent DoS

7.1CVSS6.5AI score0.00178EPSS

CVE•added 2025/10/03 3:36 p.m.•10 views

CVE-2025-34226

OpenPLC Runtime v3 is affected by an input validation flaw in the /upload-program-action endpoint: the epoch_time parameter submitted during program uploads is not validated, allowing corruption of the programs database. After a malformed upload, the runtime can operate, but on restart the databa...

7.1CVSS6.5AI score0.00178EPSS

CNNVD•added 2025/10/03 12:0 a.m.•2 views

OpenPLC Runtime version 3 安全漏洞

OpenPLC Runtime version 3 is a programmable logic controller by Thiago Alves Individual Developer. A security vulnerability exists in OpenPLC Runtime version 3, which stems from insufficient input validation of the epochtime field, which could lead to program database corruption, resulting in a...

7.1CVSS6.5AI score0.00178EPSS

Exploits0References5

Positive Technologies•added 2025/10/03 12:0 a.m.•3 views

PT-2025-40533

Name of the Vulnerable Software and Affected Versions OpenPLC Runtime version 3 Description The software contains an input validation flaw in the /upload-program-action API endpoint. The epoch time parameter, when submitting program uploads, is not validated, potentially leading to corruption of...

7.1CVSS6.7AI score0.00178EPSS

Exploits0References6

RedhatCVE•added 2025/08/06 12:14 a.m.•4 views

CVE-2025-54962

/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files such as .html or .svg, and these are then publicly accessible under the /static URI...

6.4CVSS6.5AI score0.00237EPSS

NVD•added 2025/08/04 2:15 a.m.•4 views

CVE-2025-54962

6.4CVSS0.00237EPSS

Cvelist•added 2025/08/04 12:0 a.m.•7 views

CVE-2025-54962

6.4CVSS0.00237EPSS

CNNVD•added 2025/08/04 12:0 a.m.•1 views

OpenPLC Runtime version 3 代码问题漏洞

OpenPLC Runtime version 3 is a programmable logic controller by the individual developer Thiago Alves. A code issue vulnerability exists in OpenPLC Runtime version 3 that originates from allowing an authenticated user to upload arbitrary files and access them publicly...

6.4CVSS6.8AI score0.00237EPSS

Exploits1References3

Positive Technologies•added 2025/08/04 12:0 a.m.•3 views

PT-2025-31796 · Unknown · Openplc Runtime

Name of the Vulnerable Software and Affected Versions: OpenPLC Runtime versions 3 through 9cd8f1b Description: An authenticated user can upload arbitrary files, such as .html or .svg, through the /edit-user endpoint in the webserver. These uploaded files are then publicly accessible under the...

6.4CVSS6.6AI score0.00237EPSS

Exploits1References7

CVE•added 2025/08/04 12:0 a.m.•15 views

CVE-2025-54962

OpenPLC Runtime CVE-2025-54962 affects OpenPLC Runtime versions 3 through 9cd8f1b. The webserver’s /edit-user endpoint allows authenticated users to upload arbitrary files (e.g., .html, .svg); these uploads are stored under /static and become publicly accessible. The root cause is improper valida...

6.4CVSS6.5AI score0.00237EPSS

Vulnrichment•added 2025/08/04 12:0 a.m.•3 views

CVE-2025-54962

6.4CVSS6.5AI score0.00237EPSS