
18 matches found

RedhatCVE
added 2026/02/07 7:30 p.m. | 6 views

CVE-2026-23989

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the "archiver" service this can be leveraged to...

8.2 CVSS | 5.4 AI score | 0.00273 EPSS
Exploits: 0 | References: 1
NVD
added 2026/02/06 7:16 p.m. | 7 views

CVE-2026-23989

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the "archiver" service this can be leveraged to...

8.2 CVSS | 0.00273 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/02/06 6:28 p.m. | 6 views

EUVD-2026-5629

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the "archiver" service this can be leveraged to...

8.2 CVSS | 5.4 AI score | 0.00273 EPSS
Exploits: 0 | References: 2
CVE
added 2026/02/06 6:28 p.m. | 12 views

CVE-2026-23989

REVA (OpenCloud Reva component) contains a vulnerability in its GRPC authorization middleware that lets a malicious user bypass the public link scope verification via the archiver service, enabling creation of an archive (zip/tar) containing all resources within the link’s scope. Affected version...

8.2 CVSS | 5.5 AI score | 0.00273 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/02/06 6:28 p.m. | 5 views

CVE-2026-23989

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the "archiver" service this can be leveraged to...

8.2 CVSS | 5.5 AI score | 0.00273 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/02/06 6:28 p.m. | 4 views

CVE-2026-23989 REVA Public Link Exploit

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the "archiver" service this can be leveraged to...

8.2 CVSS | 5.5 AI score | 0.00273 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/02/06 6:28 p.m. | 32 views

CVE-2026-23989 REVA Public Link Exploit

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the "archiver" service this can be leveraged to...

8.2 CVSS | 0.00273 EPSS
Exploits: 0 | References: 2
OSV
added 2026/02/06 6:28 p.m. | 6 views

CVE-2026-23989 REVA Public Link Exploit

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the "archiver" service this can be leveraged to...

8.2 CVSS | 5.5 AI score | 0.00273 EPSS
Exploits: 0 | References: 4
Snyk
added 2026/02/05 8:32 p.m. | 1 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the GRPC authorization middleware. An attacker can access resources outside the intended scope by bypassing scope validation through the archiver service. Remediation: Upgrade...

8.8 CVSS | 5.6 AI score | 0.00273 EPSS
Exploits: 0 | References: 3
OSV
added 2026/02/05 8:32 p.m. | 4 views

GHSA-9J2F-3RJ3-WGPG OpenCloud Reva has a Public Link Exploit

Impact: A security issue was discovered in Reva based products that enables a malicious user to bypass the scope validation of a public link, allowing it to access resources outside the scope of a public link. Details: Public link shares in OpenCloud are bound to a specific scope usually a file or...

8.2 CVSS | 5.6 AI score | 0.00273 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/02/05 12:0 a.m. | 7 views

PT-2026-6645

Name of the Vulnerable Software and Affected Versions: REVA versions prior to 2.40.3; REVA versions prior to 2.42.3. Description: A flaw exists in the GRPC authorization middleware of the "Reva" component of OpenCloud. This allows a malicious user to bypass scope verification of a public link. By...

9.9 CVSS | 5.5 AI score | 0.27661 EPSS
Exploits: 44 | References: 119
Veeam
added 2023/08/04 12:0 a.m. | 104 views

Veeam.Archiver.Service terminates due to 'System.OutOfMemoryException' after updating to Veeam Backup for Microsoft 365 7.0.0.3968

Challenge: Veeam.Archiver.Service consumes all available virtual memory and then terminates. The issue can be confirmed with the following Windows Events System log: The Veeam Backup for Microsoft 365 Service service terminated unexpectedly. It has done this 1 times. The following corrective actio...

6.8 AI score
Exploits: 0 | Affected Software: 1
NVD
added 2017/12/23 12:29 a.m. | 12 views

CVE-2017-14022

An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets to Port 403/TCP the...

7.5 CVSS | 7.5 AI score | 0.04217 EPSS
Exploits: 0 | References: 2
Prion
added 2017/12/23 12:29 a.m. | 14 views

Input validation

An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets to Port 403/TCP the...

5 CVSS | 7.5 AI score | 0.04217 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2017/12/23 12:0 a.m. | 11 views

CVE-2017-14022

An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets to Port 403/TCP the...

7.6 AI score | 0.04217 EPSS
Exploits: 0 | References: 2
NVD
added 2012/03/15 6:55 p.m. | 12 views

CVE-2012-0229

The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiverx64.exe...

10 CVSS | 7.9 AI score | 0.05009 EPSS
Exploits: 0 | References: 4
Cvelist
added 2012/03/15 6:0 p.m. | 19 views

CVE-2012-0229

The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiverx64.exe...

7.9 AI score | 0.05009 EPSS
Exploits: 0 | References: 4
Prion
added 2011/11/02 5:55 p.m. | 10 views

Stack overflow

Stack-based buffer overflow in the Data Archiver service in GE Intelligent Platforms Proficy Historian before 3.5 SIM 17 and 4.x before 4.0 SIM 12 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic...

10 CVSS | 9.1 AI score | 0.06286 EPSS
Exploits: 0 | References: 3 | Affected Software: 1