Export limit exceeded: 334723 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (5 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-1227 1 Schneider-electric 2 Ecostruxure Building Operation Webstation, Ecostruxure Building Operation Workstation 2026-02-11 N/A
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from Workstation.
CVE-2026-1226 1 Schneider-electric 2 Ecostruxure Building Operation Webstation, Ecostruxure Building Operation Workstation 2026-02-11 N/A
CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file.
CVE-2025-8448 1 Schneider-electric 2 Ecostruxure Building Operation Enterprise Server, Ecostruxure Workstation 2025-09-09 N/A
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products.
CVE-2025-8449 1 Schneider-electric 3 Ecostruxure Building Operation Enterprise Server, Ecostruxure Enterprise Server, Ecostruxure Workstation 2025-09-09 N/A
CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network.
CVE-2020-28210 1 Schneider-electric 1 Ecostruxure Building Operation 2024-11-21 6.1 Medium
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser.