115 matches found
CVE-2026-35383 Bentley Systems iTwin Platform exposed access token
Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could use this token to enumerate or delete certain assets. As of 2026-03-27, the token is no longer present in the web pages and cannot be used to enumerate or delete...
EUVD-2022-44804
Malicious code in bioql PyPI...
EUVD-2022-43501
Malicious code in bioql PyPI...
EUVD-2024-51771
Malicious code in bioql PyPI...
CVE-2024-53007
Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call...
CVE-2022-41613
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code...
CVE-2022-40201
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design DGN file is parsed. This may allow an attacker to execute arbitrary code...
CVE-2024-53007
Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call...
CVE-2024-53007
CVE-2024-53007 affects Bentley Systems ProjectWise Integration Server prior to 10.00.03.288. An authenticated user can cause unintended SQL query execution via an API call. The CVSS 3.1 base score is 6.4 (MEDIUM): attack vector LOCAL, privileges required LOW, user interaction NONE, with confident...
CVE-2024-53007
Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call...
Selected Bentley Systems Products Security Vulnerabilities
Bentley Systems eB System Management Console is a system management console from Bentley Systems, USA. A security vulnerability exists in some Bentley Systems products that originated from allowing an unauthenticated attacker to view configuration options via a specially crafted request, which...
CVE-2022-41613
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code...
Stack overflow
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design DGN file is parsed. This may allow an attacker to execute arbitrary code...
Out-of-bounds
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code...
CVE-2022-41613
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when parsing DGN files, potentially allowing a crash, information disclosure, or arbitrary code execution. Affected component/problem: DGN parsing in MicroStation Connect; root cause: out-o...
CVE-2022-41613
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code...
CVE-2022-40201
Bentley Systems MicroStation Connect is affected for version 10.17.0.209 and earlier. The vulnerability is a Stack-Based Buffer Overflow that occurs when parsing malformed DGN design files, which could allow arbitrary code execution on a locally accessible system. Remediation provided by multiple...
CVE-2022-40201
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design DGN file is parsed. This may allow an attacker to execute arbitrary code...
CVE-2022-40201
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design DGN file is parsed. This may allow an attacker to execute arbitrary code...
CISA Releases Three Industrial Control Systems Advisories
CISA has released three 3 Industrial Control Systems ICS advisories on October 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories f...