Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
50773166.1%CRITICAL

Related CVEs

100+
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2026-8045CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints.HIGH7.114.1%Jun 9, 2026
CVE-2026-6332CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it.MEDIUM6.82.6%May 14, 2026
CVE-2026-6866CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials.HIGH8.220.8%May 12, 2026
CVE-2026-2405CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests.MEDIUM5.315.6%Apr 14, 2026
CVE-2026-2404CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload.MEDIUM6.98.4%Apr 14, 2026
CVE-2026-2403CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload.MEDIUM5.36.6%Apr 14, 2026
CVE-2026-2402CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints.MEDIUM6.919.1%Apr 14, 2026
CVE-2026-2401CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker.LOW2.41.2%Apr 14, 2026
CVE-2026-2400CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload.MEDIUM5.313.7%Apr 14, 2026
CVE-2026-2399CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload.MEDIUM6.910.5%Apr 14, 2026
CVE-2026-2273CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of the subsequent system when an authenticated user opens a malicious project file.HIGH7.213.3%Mar 10, 2026
CVE-2026-1286CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file.HIGH7.023.2%Mar 10, 2026
CVE-2025-13902CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server containing the injected payload.MEDIUM5.113.0%Mar 10, 2026
CVE-2025-13901CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels.MEDIUM6.936.3%Mar 10, 2026
CVE-2025-11739CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.HIGH8.58.3%Mar 10, 2026
CVE-2025-13845CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.HIGH8.422.2%Jan 15, 2026
CVE-2025-13844CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody.HIGH8.43.6%Jan 15, 2026
CVE-2024-9409CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network.HIGH8.751.2%Nov 13, 2024
CVE-2024-10575CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.CRITICAL10.045.4%Nov 13, 2024
CVE-2024-8422CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file.HIGH7.811.2%Oct 8, 2024