Studio

This hub aggregates every CVE we track for Studio, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Hardware Firmware

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM16HIGH6CRITICAL4LOW1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Studio.

CVE-2018-25227Valentina Studio 9.0.4 Denial of Service via Host Parameter6.2Mar 30, 2026
CVE-2019-25567Valentina Studio 9.0.5 Linux Buffer Overflow via Host Field6.2Mar 21, 2026
CVE-2019-25276Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path7.8Feb 4, 2026
CVE-2023-39967Full read and controlled SSRF through URL parameter when testing a request inside wiremock-studio10.0Sep 6, 2023
CVE-2023-41327Controlled SSRF through URL in the WireMock4.6Sep 6, 2023
CVE-2023-41329Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio3.9Sep 6, 2023
CVE-2023-38335Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implement...5.3Jul 20, 2023
CVE-2023-38334Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, ...6.5Jul 20, 2023
CVE-2022-36243Directory Traversal on Shop Beat Services5.3May 30, 2023
CVE-2022-36250Cross Site Request Forgery on Shop Beat Services8.8May 30, 2023
CVE-2022-36249Shop Beat Services Vulnerable To Bypass 2FA via APIs5.4May 30, 2023
CVE-2022-36246Shop Beat Services Vulnerable To Insecure Permissions9.8May 30, 2023
CVE-2022-36247Shop Beat Services Vulnerable To IDOR9.1May 30, 2023
CVE-2022-36244Multiple Stored Cross-Site Scripting Vulnerabilities on Shop Beat Services5.4May 30, 2023
CVE-2023-31444In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JV...7.5Apr 28, 2023

Product normalization is registry-driven with AI assist and human review. How it works