Web Designer
by Google
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-3223 | Hig | 0.51 | 7.8 | 0.00 | Feb 27, 2026 | Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer. | ||
| CVE-2024-12476 | Hig | 0.51 | 7.8 | 0.00 | Jan 17, 2025 | CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web… | ||
| CVE-2023-25261 | 0.01 | — | 0.02 | Mar 27, 2023 | Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an… | |||
| CVE-2025-4613 | 0.00 | — | 0.01 | Jun 12, 2025 | Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template | |||
| CVE-2025-1079 | 0.00 | — | 0.00 | May 12, 2025 | Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature | |||
| CVE-2023-25260 | 0.00 | — | 0.01 | Mar 28, 2023 | Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion. |
- risk 0.51cvss 7.8epss 0.00
Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.
- risk 0.51cvss 7.8epss 0.00
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web…
- CVE-2023-25261Mar 27, 2023risk 0.01cvss —epss 0.02
Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an…
- CVE-2025-4613Jun 12, 2025risk 0.00cvss —epss 0.01
Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template
- CVE-2025-1079May 12, 2025risk 0.00cvss —epss 0.00
Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature
- CVE-2023-25260Mar 28, 2023risk 0.00cvss —epss 0.01
Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.