CVE-2026-2330

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could...

CVE-2025-11697

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot...

CVE-2025-11697 Studio 5000 ® Simulation Interface Local Code Execution

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot...

Rockwell Automation Studio 5000 Simulation Interface 安全漏洞

Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. A code execution vulnerability exists in Rockwell Automation Studio 5000 Simulation Interface, which can be exploited by an attacker to cause scripts to be executed with administrator...

PT-2024-29690 · Atos · Atos Eviden Smc Xscale

Name of the Vulnerable Software and Affected Versions: Atos Eviden SMC xScale versions prior to 1.6.6 Description: An issue was discovered in Atos Eviden SMC xScale during initialization of nodes, where some configuration parameters are retrieved from management nodes. These parameters embed...

CVE-2023-50920

An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or...

PT-2023-25852 · Atera · Atera

Name of the Vulnerable Software and Affected Versions: Atera affected versions not specified Description: The issue arises from the C:WindowsTempAgent.Package.AvailabilityAgent.Package.Availability.exe file being automatically launched as SYSTEM when the system reboots. Since the...

CVE-2022-27511

Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted...

CVE-2020-3403

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the...

CVE-2020-7821

Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. This can be leveraged for code execution by rebooting the victim’s PC...