CVSS: 8.5EPSS: %CPEs: 4EXPL: 0CVE-2025-2632 – Out of Bounds Write Vulnerability in NI LabVIEW reading CPU info from cache
https://notcve.org/view.php?id=CVE-2025-2632
09 Apr 2025 — Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-vulnerabilities-in-ni-labview.html • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: %CPEs: 4EXPL: 0CVE-2025-2631 – Out of Bounds Write Vulnerability in NI LabVIEW in InitCPUInformation()
https://notcve.org/view.php?id=CVE-2025-2631
09 Apr 2025 — Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-vulnerabilities-in-ni-labview.html • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: %CPEs: 4EXPL: 0CVE-2025-2630 – DLL Hijacking Vulnerability in NI LabVIEW
https://notcve.org/view.php?id=CVE-2025-2630
09 Apr 2025 — There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/dll-hijacking-vulnerability-in-ni-labview.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: %CPEs: 4EXPL: 0CVE-2025-2629 – DLL Hijacking Vulnerability in NI LabVIEW When Loading NI Error Reporting
https://notcve.org/view.php?id=CVE-2025-2629
09 Apr 2025 — There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/dll-hijacking-vulnerability-in-ni-labview-when-loading-ni-error-reporting.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32207 – WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32207
04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods allows Stored XSS. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8. The Ni WooCommerce Cost Of Goods plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level acce... • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-cost-of-goods/vulnerability/wordpress-ni-woocommerce-cost-of-goods-plugin-3-2-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31826 – WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-31826
01 Apr 2025 — Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8. The Ni WooCommerce Cost Of Goods plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform... • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-cost-of-goods/vulnerability/wordpress-ni-woocommerce-cost-of-goods-plugin-3-2-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31580 – WordPress Ni WooCommerce Product Enquiry plugin <= 4.1.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-31580
31 Mar 2025 — Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ni WooCommerce Product Enquiry: from n/a through 4.1.8. The Ni WooCommerce Product Enquiry plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.1.8. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-product-enquiry/vulnerability/wordpress-ni-woocommerce-product-enquiry-plugin-4-1-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12742 – Deserialization of Untrusted Data Vulnerability in NI G Web Development Software
https://notcve.org/view.php?id=CVE-2024-12742
06 Mar 2025 — A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3 and prior versions. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI G Web Development. User interaction is required to exploit this vulnerability in that the tar... • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerability-in-ni-g-web-deve.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-12740 – Dependency on Vulnerable Third-Party Component exposes Vulnerabilities in NI Vision Software
https://notcve.org/view.php?id=CVE-2024-12740
27 Jan 2025 — Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal... • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/dependency-on-vulnerable-third-party-component-exposes-vulnerabi.html • CWE-1395: Dependency on Vulnerable Third-Party Component •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23481 – WordPress Ni WooCommerce Sales Report Email plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23481
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ni WooCommerce Sales Report Email allows Reflected XSS. This issue affects Ni WooCommerce Sales Report Email: from n/a through 3.1.4. The Ni WooCommerce Sales Report Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to ... • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-sales-report-email/vulnerability/wordpress-ni-woocommerce-sales-report-email-plugin-3-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •