Skip to main content

Cncsoft

9 CVEs product

Monthly

CVE-2025-47727 HIGH This Week

Local code execution vulnerability in Delta Electronics CNCSoft caused by insufficient validation of user-supplied files. When a user opens a malicious file, an attacker can execute arbitrary code with the privileges of the current process. While no publicly disclosed POC or active exploitation in the wild has been confirmed, the high CVSS score (7.3) and the file-opening attack vector present moderate risk to users of affected CNCSoft versions.

RCE Cncsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-47726 HIGH This Week

Buffer overflow vulnerability (CWE-787) in Delta Electronics CNCSoft that allows local authenticated users to execute arbitrary code by opening a specially crafted malicious file. The vulnerability requires user interaction (file opening) but results in complete compromise of the affected process with high impact to confidentiality, integrity, and availability. No KEV status, EPSS score, or confirmed active exploitation data is available in the provided intelligence.

Information Disclosure Cncsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-47725 HIGH This Week

Local arbitrary code execution vulnerability in Delta Electronics CNCSoft caused by insufficient validation of user-supplied files. An attacker with local access can craft a malicious file that, when opened by a user, executes arbitrary code with the privileges of the CNCSoft process. With a CVSS score of 7.3 and CWE-787 (Out-of-bounds Write) classification, this represents a significant local privilege escalation risk, though exploitation requires user interaction and local access.

Information Disclosure Cncsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-47724 HIGH This Week

Local privilege escalation vulnerability in Delta Electronics CNCSoft caused by insufficient validation of user-supplied files. When a user opens a malicious file, an attacker can execute arbitrary code with the privileges of the current process. While the CVSS score of 7.3 is moderate-to-high, the attack requires local access and user interaction, limiting immediate widespread impact; however, the high integrity and confidentiality impact (CWE-787: Out-of-bounds Write) warrants prompt patching.

Information Disclosure Cncsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2022-1405 HIGH PATCH This Week

CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Cncsoft
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-1404 HIGH PATCH This Week

Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Cncsoft
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-43982 HIGH This Week

Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Cncsoft
NVD
CVSS 3.1
7.8
EPSS
9.6%
CVE-2018-10636 HIGH This Week

CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Cncsoft Screeneditor
NVD
CVSS 3.1
8.8
EPSS
9.5%
CVE-2018-10598 HIGH This Week

CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow Cncsoft Screeneditor
NVD
CVSS 3.0
8.1
EPSS
3.5%
EPSS 0% CVSS 7.3
HIGH This Week

Local code execution vulnerability in Delta Electronics CNCSoft caused by insufficient validation of user-supplied files. When a user opens a malicious file, an attacker can execute arbitrary code with the privileges of the current process. While no publicly disclosed POC or active exploitation in the wild has been confirmed, the high CVSS score (7.3) and the file-opening attack vector present moderate risk to users of affected CNCSoft versions.

RCE Cncsoft
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Buffer overflow vulnerability (CWE-787) in Delta Electronics CNCSoft that allows local authenticated users to execute arbitrary code by opening a specially crafted malicious file. The vulnerability requires user interaction (file opening) but results in complete compromise of the affected process with high impact to confidentiality, integrity, and availability. No KEV status, EPSS score, or confirmed active exploitation data is available in the provided intelligence.

Information Disclosure Cncsoft
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Local arbitrary code execution vulnerability in Delta Electronics CNCSoft caused by insufficient validation of user-supplied files. An attacker with local access can craft a malicious file that, when opened by a user, executes arbitrary code with the privileges of the CNCSoft process. With a CVSS score of 7.3 and CWE-787 (Out-of-bounds Write) classification, this represents a significant local privilege escalation risk, though exploitation requires user interaction and local access.

Information Disclosure Cncsoft
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Local privilege escalation vulnerability in Delta Electronics CNCSoft caused by insufficient validation of user-supplied files. When a user opens a malicious file, an attacker can execute arbitrary code with the privileges of the current process. While the CVSS score of 7.3 is moderate-to-high, the attack requires local access and user interaction, limiting immediate widespread impact; however, the high integrity and confidentiality impact (CWE-787: Out-of-bounds Write) warrants prompt patching.

Information Disclosure Cncsoft
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Cncsoft
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Cncsoft
NVD
EPSS 10% CVSS 7.8
HIGH This Week

Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow +1
NVD
EPSS 10% CVSS 8.8
HIGH This Week

CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow +2
NVD
EPSS 4% CVSS 8.1
HIGH This Week

CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy