Lucene search
+L

714 matches found

CNNVD
CNNVD
added 2026/04/11 12:0 a.m.15 views

Labcenter Electronics Proteus 缓冲区错误漏洞

Labcenter Electronics Proteus is an electronic engineering software developed by the British company Labcenter, used for circuit design and embedded system simulation. Labcenter Electronics Proteus has a buffer error vulnerability, which stems from insufficient validation of the data provided to...

7.8CVSS7.5AI score0.00284EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 3:54 p.m.6 views

CVE-2026-33949

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. T...

8.1CVSS6AI score0.00386EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.15 views

CVE-2026-4295

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS6.2AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/17 9:31 p.m.4 views

EUVD-2026-12638

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS6.2AI score0.00207EPSS
Exploits0References3
CVE
CVE
added 2026/03/17 7:11 p.m.11 views

CVE-2026-4295

CVE-2026-4295 affects Kiro IDE prior to 0.8.0. Improper trust boundary enforcement may allow a remote unauthenticated actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory. Affected software: K...

8.5CVSS6.2AI score0.00207EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/17 7:11 p.m.2 views

CVE-2026-4295 Arbitrary code execution via crafted project files in Kiro IDE

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS6.2AI score0.00207EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/17 7:11 p.m.4 views

CVE-2026-4295

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS6.2AI score0.00207EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/17 7:11 p.m.27 views

CVE-2026-4295 Arbitrary code execution via crafted project files in Kiro IDE

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS0.00207EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.8 views

Kiro IDE 安全漏洞

Kiro IDE is an integrated development environment developed by Kiro in open source. Versions of Kiro IDE prior to 0.8.0 contained security vulnerabilities. These vulnerabilities were caused by improper execution of trust boundaries, which could allow remote, unverified threat actors to execute...

8.5CVSS6.3AI score0.00207EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/10 6:31 p.m.4 views

EUVD-2026-10490

The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has bee...

6.1CVSS5.8AI score0.00082EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 10:24 a.m.28 views

CVE-2026-22614

The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has bee...

6.1CVSS0.00082EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/03 6:30 p.m.3 views

Command Injection

Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Command Injection via the project files import proccess. An attacker can execute arbitrary system commands by uploading a crafted project file containing...

9.8CVSS5.8AI score0.00416EPSS
Exploits0References2
OSV
OSV
added 2026/02/03 6:30 p.m.3 views

GHSA-5R63-Q8HG-P8QX FUXA allows Remote Code Execution (RCE) via the project import functionality.

FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

9.8CVSS5.7AI score0.00416EPSS
Exploits0References3
CVE
CVE
added 2026/01/22 10:17 p.m.17 views

CVE-2025-67652

CVE-2025-67652 affects AutomationDirect CLICK PLC (project file handling) with weak password encoding in the addressed project file. Root cause: insufficient encryption/secure storage of credentials, enabling an attacker with local access to the project file to impersonate users, escalate privile...

6.1CVSS5.5AI score0.00101EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.10 views

AutomationDirect CLICK Programmable Logic Controller security vulnerability

The AutomationDirect CLICK Programmable Logic Controller is a programmable logic controller developed by the AutomationDirect company in the United States. The AutomationDirect CLICK Programmable Logic Controller has a security vulnerability. This vulnerability stems from the exposure of...

6.1CVSS5.8AI score0.00101EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/16 12:12 a.m.6 views

CVE-2025-64729 AVEVA Process Optimization Missing Authorization

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...

8.6CVSS6.5AI score0.00171EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.12 views

AVEVA Process Optimization security vulnerabilities

AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a security vulnerability. This vulnerability arises because authenticated attackers can manipulate the Project Optimization project files and embed code,...

8.6CVSS5.8AI score0.00171EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/15 6:28 p.m.4 views

CVE-2025-13844

CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file SSD file shared by the attacker into Rapsody...

8.4CVSS6.6AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:21 a.m.7 views

CVE-2021-22637

Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite versions prior to 4.0.10.0...

7.8CVSS8.3AI score0.02142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:21 a.m.8 views

CVE-2021-22655

Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite versions prior to 4.0.10.0...

7.8CVSS7.9AI score0.01191EPSS
Exploits0References1
Rows per page
Query Builder