Skip to main content

Designer

6 CVEs product

Monthly

CVE-2025-27377 MEDIUM This Month

Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. [CVSS 5.3 MEDIUM]

Authentication Bypass Designer
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2023-25260 HIGH POC This Week

Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Designer
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-25262 HIGH POC This Week

Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Designer
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-25263 MEDIUM POC This Month

In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Designer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25261 CRITICAL Act Now

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Designer Viewer
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-31410 HIGH This Week

Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Designer
NVD
CVSS 3.1
7.5
EPSS
1.7%
EPSS 0% CVSS 5.3
MEDIUM This Month

Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. [CVSS 5.3 MEDIUM]

Authentication Bypass Designer
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Designer
NVD VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Designer
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Designer
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Designer +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Designer
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy