CVE-2025-27380
- EPSS 0.04%
- Veröffentlicht 22.01.2026 01:28:24
- Zuletzt bearbeitet 26.02.2026 21:23:01
HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.
CVE-2025-27379
- EPSS 0.04%
- Veröffentlicht 22.01.2026 01:17:54
- Zuletzt bearbeitet 26.02.2026 21:24:23
A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affec...
CVE-2025-27378
- EPSS 0.11%
- Veröffentlicht 22.01.2026 01:15:51
- Zuletzt bearbeitet 26.02.2026 21:25:32
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject a...
CVE-2026-1010
- EPSS 0.01%
- Veröffentlicht 15.01.2026 23:00:18
- Zuletzt bearbeitet 23.01.2026 19:31:41
A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. W...