CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12742 – Deserialization of Untrusted Data Vulnerability in NI G Web Development Software
https://notcve.org/view.php?id=CVE-2024-12742
06 Mar 2025 — A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3 and prior versions. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI G Web Development. User interaction is required to exploit this vulnerability in that the tar... • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerability-in-ni-g-web-deve.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-12740 – Dependency on Vulnerable Third-Party Component exposes Vulnerabilities in NI Vision Software
https://notcve.org/view.php?id=CVE-2024-12740
27 Jan 2025 — Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal... • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/dependency-on-vulnerable-third-party-component-exposes-vulnerabi.html • CWE-1395: Dependency on Vulnerable Third-Party Component •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23481 – WordPress Ni WooCommerce Sales Report Email plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23481
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ni WooCommerce Sales Report Email allows Reflected XSS. This issue affects Ni WooCommerce Sales Report Email: from n/a through 3.1.4. The Ni WooCommerce Sales Report Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to ... • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-sales-report-email/vulnerability/wordpress-ni-woocommerce-sales-report-email-plugin-3-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54237 – WordPress Ni CRM Lead plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54237
13 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni CRM Lead allows Reflected XSS.This issue affects Ni CRM Lead: from n/a through 1.3.0. The Ni CRM Lead plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can success... • https://patchstack.com/database/wordpress/plugin/ni-crm-lead/vulnerability/wordpress-ni-crm-lead-plugin-1-3-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10496 – Out of bounds read in BuildFontMap in fontmgr.cpp in NI LabVIEW
https://notcve.org/view.php?id=CVE-2024-10496
10 Dec 2024 — An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10495 – Out of bounds read when loading the font table in fontmgr.cpp in NI LabVIEW
https://notcve.org/view.php?id=CVE-2024-10495
10 Dec 2024 — An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10494 – Out of bounds read in HeapObjMapImpl.cpp in NI LabVIEW
https://notcve.org/view.php?id=CVE-2024-10494
10 Dec 2024 — An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54231 – WordPress Ni WooCommerce Order Export plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54231
05 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni WooCommerce Order Export allows Reflected XSS.This issue affects Ni WooCommerce Order Export: from n/a through 3.1.6. The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip... • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-order-export/vulnerability/wordpress-ni-woocommerce-order-export-plugin-3-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54236 – WordPress Ni WooCommerce Bulk Product Editor plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54236
05 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni WooCommerce Bulk Product Editor allows Reflected XSS.This issue affects Ni WooCommerce Bulk Product Editor: from n/a through 1.4.5. The Ni WooCommerce Bulk Product Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to i... • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-product-editor/vulnerability/wordpress-ni-woocommerce-bulk-product-editor-plugin-1-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54258 – WordPress Ni CRM Lead plugin <= 1.3.0 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-54258
05 Dec 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anzia Ni CRM Lead allows SQL Injection.This issue affects Ni CRM Lead: from n/a through 1.3.0. The Ni CRM Lead plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access ... • https://patchstack.com/database/wordpress/plugin/ni-crm-lead/vulnerability/wordpress-ni-crm-lead-plugin-1-3-0-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •