28672 matches found
AVEVA Process Optimization security vulnerabilities
AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a security vulnerability. This vulnerability arises because authenticated attackers can manipulate the Project Optimization project files and embed code,...
WeGIA Cross-Site Script Vulnerabilities
WeGIA is a web manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the user-controlled data was not cleared before rendering the...
Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE
Summary Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to run before or after a container update. The label value is passed directly to /bin/sh -c without sanitizati...
CVE-2026-23520
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...
CVE-2025-13844
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file SSD file shared by the attacker into Rapsody...
CVE-2025-13844
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file SSD file shared by the attacker into Rapsody...
CVE-2025-13845
CVE-2025-13845 affects Schneider Electric EcoStruxure Power Build Rapsody. The Red Hat/NVD entries and Schneider Electric communications describe a CWE-416 Use After Free vulnerability (also noted as a Double Free in some sources) that could allow remote code execution when an end user imports a ...
CVE-2025-13845
CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file SSD file into Rapsody...
CVE-2025-13844
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file SSD file shared by the attacker into Rapsody...
CVE-2025-13844
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file SSD file shared by the attacker into Rapsody...
EUVD-2026-2720
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file SSD file shared by the attacker into Rapsody...
CVE-2025-13844
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file SSD file shared by the attacker into Rapsody...
CVE-2025-13844
CVE-2025-13844 affects Schneider Electric EcoStruxure Power Build Rapsody. Connected sources confirm a CWE-415 Double Free vulnerability that could cause heap memory corruption when a user imports a malicious SSD project file into Rapsody. Documented impact includes potential memory corruption; C...
CVE-2025-70308
An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted .gsf file...
CVE-2025-67078
Cross site scripting XSS vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors...
CVE-2025-67077
File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action...
CVE-2025-67076
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read...
CVE-2025-67079
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions...
CVE-2025-67076
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read...
CVE-2025-67077
File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action...