18 matches found
PT-2026-53221
Name of the Vulnerable Software and Affected Versions Delta Electronics DTM Soft affected versions not specified Description The software is susceptible to the deserialization of untrusted data, which can allow an attacker to execute arbitrary code. Real-world exploitation has been observed where...
National Security Agency Ghidra 代码问题漏洞
National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Previous versions of National Security Agency Ghidra, such as version 12.1, had code vulnerabilities. These vulnerabilities stemmed from insecure deserialization in the RMI...
JetBrains Junie 安全漏洞
JetBrains Junie is a coding proxy provided by the Czech company JetBrains. Versions of JetBrains Junie prior to 252.549.29 contained security vulnerabilities, which were due to the possibility of executing commands through malicious project files...
GHSA-5R63-Q8HG-P8QX FUXA allows Remote Code Execution (RCE) via the project import functionality.
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
CVE-2025-13844
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file SSD file shared by the attacker into Rapsody...
CVE-2022-27580
A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges ...
EUVD-2023-12202
Malicious code in bioql PyPI...
CVE-2022-27579
A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the...
PT-2025-20839 · Schneider Electric · Ecostruxure Power Build +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A Stack-based Buffer Overflow issue exists that could allow local attackers to potentially execute arbitrary code when the end user opens a malicious project file provided by the attacker...
PT-2024-2220 · Schneider Electric · Ecostruxure Power Design - Ecodial
Name of the Vulnerable Software and Affected Versions: EcoStruxure Power Design - Ecodial affected versions not specified Description: A Deserialization of Untrusted Data issue exists, potentially allowing remote code execution when a malicious project file is loaded into the application by a val...
CVE-2022-45792
Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user...
CVE-2022-45788
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert All...
CVE-2022-2866
FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution...
CVE-2022-27580
A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges ...
CVE-2022-27580
A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges ...
Vulnerability in SICK Flexi Soft Designer & Safety Designer
A deserialization vulnerability in a .NET framework class used by both SICK Flexi Soft Designer and SICK Safety Designer allows an attacker to create malicious project files...
CVE-2020-16236
FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code...
CVE-2006-0187
By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control UserControl1Load function, which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file...