Lucene search

15 matches found

NVD
added 2026/06/17 1:19 p.m. · 7 views

CVE-2026-11858

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated...

CVSS 8.4 · EPSS 0.00126
Exploits: 0 · References: 1

NVD
added 2026/06/17 1:19 p.m. · 9 views

CVE-2026-11857

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service due to insecure deserialization in the .NET Remoting service. The service is configured with TypeFilterLevel.Full and is bound to local interfaces only through named pipes. A local...

CVSS 8.4 · EPSS 0.00273
Exploits: 0 · References: 1

CVE
added 2026/06/17 11:50 a.m. · 17 views

CVE-2026-11858

Quanos SCHEMA ST4 on-premises is affected by a local privilege escalation due to insufficient authorization on the Client Update Service. The service, running as NT AUTHORITY\SYSTEM, exposes a .NET Remoting interface over a named pipe without proper access controls. A local authenticated low-priv...

CVSS 8.4 · AI score 5.5 · EPSS 0.00126
Exploits: 0 · References: 1

CVE
added 2026/06/17 11:42 a.m. · 15 views

CVE-2026-11857

The CVE describes a local privilege escalation in Quanos SCHEMA ST4 on-premises, via insecure deserialization in the .NET Remoting endpoint exposed by the Client Update Service. The service uses TypeFilterLevel.Full and binds to local interfaces over named pipes, enabling a local authenticated at...

CVSS 8.4 · AI score 6.2 · EPSS 0.00273
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-42502

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.4 · EPSS 0.00454
Exploits: 0 · References: 1

OSV
added 2022/12/14 9:15 a.m. · 3 views

CVE-2022-3073

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the user's browser...

CVSS 6.1 · AI score 5.9 · EPSS 0.00454
Exploits: 0 · References: 1

NVD
added 2022/12/14 9:15 a.m. · 22 views

CVE-2022-3073

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the user's browser...

CVSS 6.1 · EPSS 0.00454
Exploits: 0 · References: 1

Prion
added 2022/12/14 9:15 a.m. · 20 views

Input validation

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the user's browser...

CVSS 5.8 · AI score 6.5 · EPSS 0.00454
Exploits: 0 · References: 1 · Affected Software: 4

Cvelist
added 2022/12/14 8:17 a.m. · 26 views

CVE-2022-3073 Quanos Schema ST4 example templates prone to XSS

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the user's browser...

CVSS 6.1 · AI score 6.7 · EPSS 0.00454
Exploits: 0 · References: 1

Vulnrichment
added 2022/12/14 8:17 a.m. · 7 views

CVE-2022-3073 Quanos Schema ST4 example templates prone to XSS

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the user's browser...

CVSS 6.1 · AI score 6.5 · EPSS 0.00454
Exploits: 0 · References: 1

CVE
added 2022/12/14 8:17 a.m. · 50 views

CVE-2022-3073

The CVE-2022-3073 entry concerns Quanos SCHEMA ST4 example web templates (Bootstrap 2019 v2 through 2022 SP1 v1). Affected component is the *-schema.js script, whose JavaScript injection vulnerability can allow a remote attacker to hijack existing sessions or run scripts in a user’s browser. Docu...

CVSS 6.1 · AI score 6.5 · EPSS 0.00454
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2022/12/14 12:00 a.m. · 3 views

Bootstrap cross-site scripting vulnerability

Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript. A cross-site scripting vulnerability exists in Bootstrap 2019 v2, 2021 v1, 2022 v1, 2022 SP1 v1, and prior versions, which stems from the Quanos "SCHEMA ST4" sample web template being vulnerable to...

CVSS 6.1 · AI score 5.9 · EPSS 0.00454
Exploits: 0 · References: 2

Positive Technologies
added 2022/12/14 12:00 a.m. · 5 views

PT-2022-20267 · Unknown · Quanos Schema St4

Name of the Vulnerable Software and Affected Versions: Quanos SCHEMA ST4 versions Bootstrap 2019 v2 through 2022 SP1 v1 Description: The issue allows a remote attacker to perform JavaScript injection, potentially hijacking existing sessions to access other web services in the same environment or...

CVSS 6.1 · AI score 6.3 · EPSS 0.00454
Exploits: 0 · References: 3

seebug.org
added 2014/07/01 12:00 a.m. · 22 views

SIEMENS Solid Edge ST4/ST5 SEListCtrlX ActiveX - SetItemReadOnly Arbitrary Memory Rewrite RCE

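SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Control SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution Vulnerability. This module exploits the SEListCtrlX ActiveX control installed with the Siemens Solid Edge product. The vulnerability exists in several APIs provided by the control, where user-supplied input is handled as a memory pointer without proper validation, allowing an attacker to read and corrupt memory of the target process. This module abuses the methods NumChildren and DeleteItem to achieve a memory information leak and remote code execution, respectively. This module...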

AI score 7.3
Exploits: 0

exploitpack
added 2013/05/26 12:00 a.m. · 17 views

SIEMENS Solid Edge ST4ST5 SEListCtrlX - ActiveX SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution

SIEMENS Solid Edge ST4ST5 SEListCtrlX - ActiveX SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution SIEMENS Solid Edge ST4/ST5 SEListCtrlX ActiveX Control SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution Vulnerability tested against: Microsoft Windows Server 2003 r2 sp2...

AI score 1
Exploits: 0