Skip to main content

Proteus

6 CVEs product

Monthly

CVE-2026-5495 HIGH This Week

Out-of-bounds write in Labcenter Electronics Proteus PDSPRJ file parser enables unauthenticated remote code execution when victims open crafted project files. The vulnerability stems from insufficient validation during PDSPRJ file processing, allowing buffer overflow conditions that permit arbitrary code execution with victim's privileges. Exploitation requires user interaction-opening a malicious PDSPRJ file or visiting attacker-controlled web content. CVSS 7.8 (High) reflects local attack vector with no privileges required but mandatory user interaction. No public exploit identified at time of analysis. Affects all versions per available CPE data.

RCE Memory Corruption Buffer Overflow Proteus
NVD VulDB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-5494 HIGH This Week

Out-of-bounds write in Labcenter Electronics Proteus PDSPRJ file parser enables unauthenticated remote code execution with high integrity impact. Exploitation requires user interaction (opening malicious PDSPRJ file or visiting attacker-controlled page). Insufficient input validation during PDSPRJ processing allows buffer overflow, writing arbitrary data beyond allocated memory boundaries. Successful exploitation grants attacker code execution in application context with full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis.

RCE Memory Corruption Buffer Overflow Proteus
NVD VulDB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-5493 HIGH This Week

Out-of-bounds write during PDSPRJ file parsing in Labcenter Electronics Proteus enables remote code execution when users open malicious project files. Attackers exploit insufficient input validation to write beyond allocated buffer boundaries, executing arbitrary code with victim's privileges. Requires user interaction (opening crafted PDSPRJ file). CWE-787 memory corruption vulnerability. No public exploit identified at time of analysis.

RCE Memory Corruption Buffer Overflow Proteus
NVD VulDB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-5496 HIGH This Week

Type confusion in Labcenter Electronics Proteus PDSPRJ file parser enables remote code execution when users open malicious project files. Attackers exploit insufficient validation during file parsing to trigger memory corruption, achieving arbitrary code execution with victim user privileges. Requires social engineering to deliver weaponized PDSPRJ files via email, web download, or file sharing. Publicly available exploit code exists (ZDI advisory disclosure). CVSS 7.8 reflects local attack vector requiring user interaction but no authentication.

RCE Memory Corruption Proteus
NVD VulDB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2022-26662 PyPI HIGH PATCH This Week

An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Proteus Trytond Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-26661 PyPI MEDIUM POC PATCH This Month

An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Proteus Trytond Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.4%
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds write in Labcenter Electronics Proteus PDSPRJ file parser enables unauthenticated remote code execution when victims open crafted project files. The vulnerability stems from insufficient validation during PDSPRJ file processing, allowing buffer overflow conditions that permit arbitrary code execution with victim's privileges. Exploitation requires user interaction-opening a malicious PDSPRJ file or visiting attacker-controlled web content. CVSS 7.8 (High) reflects local attack vector with no privileges required but mandatory user interaction. No public exploit identified at time of analysis. Affects all versions per available CPE data.

RCE Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds write in Labcenter Electronics Proteus PDSPRJ file parser enables unauthenticated remote code execution with high integrity impact. Exploitation requires user interaction (opening malicious PDSPRJ file or visiting attacker-controlled page). Insufficient input validation during PDSPRJ processing allows buffer overflow, writing arbitrary data beyond allocated memory boundaries. Successful exploitation grants attacker code execution in application context with full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis.

RCE Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds write during PDSPRJ file parsing in Labcenter Electronics Proteus enables remote code execution when users open malicious project files. Attackers exploit insufficient input validation to write beyond allocated buffer boundaries, executing arbitrary code with victim's privileges. Requires user interaction (opening crafted PDSPRJ file). CWE-787 memory corruption vulnerability. No public exploit identified at time of analysis.

RCE Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Type confusion in Labcenter Electronics Proteus PDSPRJ file parser enables remote code execution when users open malicious project files. Attackers exploit insufficient validation during file parsing to trigger memory corruption, achieving arbitrary code execution with victim user privileges. Requires social engineering to deliver weaponized PDSPRJ files via email, web download, or file sharing. Publicly available exploit code exists (ZDI advisory disclosure). CVSS 7.8 reflects local attack vector requiring user interaction but no authentication.

RCE Memory Corruption Proteus
NVD VulDB
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Proteus Trytond +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Proteus Trytond +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy