ROOT-APP-NPM-NSWG-ECO-154 NSWG-ECO-154 in @rootio/sanitize-html - Patched by Root

Root has patched NSWG-ECO-154 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-NSWG-ECO-17 NSWG-ECO-17 in @rootio/jsonwebtoken - Patched by Root

Root has patched NSWG-ECO-17 in the @rootio/jsonwebtoken package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-NSWG-ECO-428 NSWG-ECO-428 in @rootio/base64url - Patched by Root

Root has patched NSWG-ECO-428 in the @rootio/base64url package for Root:npm. Multiple fixed versions available...

PT-2026-49160

Root has patched NSWG-ECO-154 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

PT-2026-49161

Root has patched NSWG-ECO-17 in the @rootio/jsonwebtoken package for Root:npm. Multiple fixed versions available...

EUVD-2018-21742

Microsoft Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by...

CVE-2018-25244

Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiating a...

CVE-2018-25244

The CVE-2018-25244 entry affects Microsoft Eco Search 1.0.2.0. A denial-of-service condition arises when an attacker with local access submits an excessively long string (buff­er of ≥950 characters) in the search functionality, triggering a crash. Both CVSS-derived metrics indicate LOCAL attack v...

CVE-2018-25244 Eco Search 1.0.2.0 Denial of Service

Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiating a...

CVE-2018-25244

Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiating a...

CVE-2018-25244 Eco Search 1.0.2.0 Denial of Service

Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiating a...

Eco Search 安全漏洞

Eco Search is a search tool developed by the Eco Search company. Version 1.0.2.0 of Eco Search contains a security vulnerability. This vulnerability arises from the search function’s improper handling of extremely long strings, which may allow local attackers to cause the application to crash by...

Schneider Electric EcoStruxure Data Center Expert Hard-coded Password Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the postgres service, which listens on TCP port 5432 by...

Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

Schneider Electric EcoStruxure Process Expert security vulnerabilities

Schneider Electric EcoStruxure Process Expert is a next-generation process automation system developed by Schneider Electric of France. It is used for designing, operating, and maintaining entire factories. Schneider Electric EcoStruxure Process Expert has a security vulnerability. This...

CVE-2022-37302

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control ExpertV15.1 HF001 and prior...

EUVD-2022-55935

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the vulnerable ping.php script,...

EUVD-2022-55939

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victi...

EUVD-2022-55934

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected...