2607 matches found
CODESYS Control Security Vulnerability
CODESYS Control is an industrial control programming software suite from CODESYS, Germany. A security vulnerability exists in CODESYS Control in which an unauthenticated, remote attacker can cause the visualization server of the CODESYS Control runtime system to access...
Towards Spring Tools 5 - Stereotypes and a new Structural View
When working on Spring projects, developers do not only think in terms of low-level concepts like classes and interfaces. When using Spring, you think about higher-level abstractions and concepts like services, repositories, configuration classes, entities, aggregate roots, and so on. To bring...
CVE-2025-59840
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...
EUVD-2017-18927
UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may...
CVE-2017-20211
UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may...
CVE-2017-20211 UCanCode E-XD++ Visualization Enterprise Suite Untrusted Pointer Dereference RCE
UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may...
UCanCode E-XD++ Visualization Enterprise Suite Security Vulnerability
UCanCode E-XD++ Visualization Enterprise Suite is a visualization development component from the Chinese company UCanCode. A security vulnerability exists in UCanCode E-XD++ Visualization Enterprise Suite that stems from an untrusted pointer dereference issue in the TKDRAWCAD.TKDrawCADCtrl.1...
Teamcenter Visualization SSO login service Vulnerability
Teamcenter contains an open-redirect vulnerability in its SSO login service affecting Teamcenter V14.1, V14.2, V14.3, V2312, V2406, and V2412; the SSO accepts user-controlled input that can point to external URLs, allowing an attacker to craft a link that redirects a legitimate user to a maliciou...
Teamcenter Visualization WRL File Parsing Vulnerabilities
Siemens Teamcenter Visualization contains multiple file-parsing vulnerabilities in its WRL-file reader that affect versions V14.2, V14.3, V2312, and V2406. If a user opens a specially crafted malicious WRL file, the application may crash or allow arbitrary code execution in the context of the...
[SECURITY] Fedora 42 Update: qt5-qtdatavis3d-5.15.18-1.fc42
Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...
CVE-2025-64163
DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15...
EUVD-2025-37957
DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI (Java Naming and Directory Interface) injection. This issue is fixed in version 2.10.15...
Why SOC Burnout Can Be Avoided: Practical Steps
Behind every alert is an analyst; tired eyes scanning dashboards, long nights spent on false positives, and the constant fear of missing something big. It's no surprise that many SOCs face burnout before they face their next breach. But this doesn't have to be the norm. The path out isn't through...
Siemens Teamcenter Visualization Out-of-Bounds Read (SSA-542540)
The version of Siemens Teamcenter Visualization installed on the remote host is affected by an out-of-bounds read vulnerability. The application contains an out-of-bounds read past the end of an allocated structure while parsing specially crafted WRL files. If a user is tricked into opening a maliciou...
CVE-2025-12058 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter...
CVE-2025-12060 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter...
GHSA-MQ84-HJQX-CWF2 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter...
GHSA-28JP-44VH-Q42H vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter...
CVE-2025-57108
Kitware VTK Visualization Toolkit contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupte...
CVE-2025-57109
Kitware VTK Visualization Toolkit is vulnerable to Heap Use-After-Free in vtkGLTFImporter::ImportActors. When processing GLTF files with invalid scene node references, the application accesses string members of mesh objects that have been previously freed during actor import operations...