CVE-2025-34226 OpenPLC Runtime v3 Persistent DoS

OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epochtime field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate...

CVE-2021-3351

OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page...