Arc

This hub aggregates every CVE we track for Arc, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Arc.

• CVE-2025-40896Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.06.5Mar 4, 2026
• CVE-2024-52928Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.9.6Jun 26, 2025
• CVE-2024-45489Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however (because of misconfigured Firebase ACLs), it is possible to ...9.8Sep 20, 2024
• CVE-2023-5938Path traversal via 'zip slip' in Arc before v1.6.08.0May 15, 2024
• CVE-2023-5937Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.03.8May 15, 2024
• CVE-2023-5936Unsafe temporary data privileges on Unix systems in Arc before v1.6.07.8May 15, 2024
• CVE-2023-5935Missing authentication for local web interface in Arc before v1.6.07.4May 15, 2024
• CVE-2024-31850A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access ...8.6Apr 5, 2024
• CVE-2023-24243CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).7.5Jun 16, 2023
• CVE-2021-45891An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.8.8Apr 5, 2022
• CVE-2021-45892An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a Recoverable Format.5.9Apr 5, 2022
• CVE-2021-45893An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier.7.5Apr 5, 2022
• CVE-2021-45894An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Cleartext Transmission of Sensitive Information.5.9Apr 5, 2022
• CVE-2015-9275ARC 5.21q allows directory traversal via a full pathname in an archive file.5.3Jan 7, 2019
• CVE-2005-2992arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.2.1Oct 13, 2005