Ni
Products
28- 42 CVEs
- 8 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs
85| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-9051 | Cri | 0.59 | 9.1 | 0.01 | May 29, 2026 | There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure. Successful exploitation requires… | ||
| CVE-2024-4044 | Hig | 0.52 | 7.8 | 0.15 | May 14, 2024 | A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability… | ||
| CVE-2026-32864 | Hig | 0.51 | 7.8 | 0.00 | Apr 7, 2026 | There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a… | ||
| CVE-2026-32863 | Hig | 0.51 | 7.8 | 0.00 | Apr 7, 2026 | There is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_context_set_operation() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user… | ||
| CVE-2026-32862 | Hig | 0.51 | 7.8 | 0.00 | Apr 7, 2026 | There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open… | ||
| CVE-2026-32861 | Hig | 0.51 | 7.8 | 0.00 | Apr 7, 2026 | There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open… | ||
| CVE-2026-32860 | Hig | 0.51 | 7.8 | 0.00 | Apr 7, 2026 | There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a… | ||
| CVE-2025-10203 | Hig | 0.51 | 7.8 | 0.00 | Sep 15, 2025 | Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DWF3WORK file. This vulnerability affects Digilent… | ||
| CVE-2024-12742 | Hig | 0.51 | 7.8 | 0.05 | Mar 6, 2025 | A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web… | ||
| CVE-2024-12741 | Hig | 0.51 | 7.8 | 0.04 | Dec 18, 2024 | A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions.… | ||
| CVE-2024-5602 | Hig | 0.51 | 7.8 | 0.00 | Jul 23, 2024 | A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file. The NI I/O Trace tool is installed… | ||
| CVE-2024-6675 | Hig | 0.51 | 7.8 | 0.00 | Jul 22, 2024 | A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects VeriStand 2024 Q2 and prior… | ||
| CVE-2017-2779 | Hig | 0.49 | 7.5 | 0.02 | Sep 5, 2017 | An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an… | ||
| CVE-2017-2775 | Hig | 0.49 | 7.5 | 0.03 | Mar 31, 2017 | An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting… | ||
| CVE-2026-8036 | Hig | 0.46 | 7.1 | 0.00 | Jun 2, 2026 | Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux. | ||
| CVE-2026-8035 | Hig | 0.46 | 7.1 | 0.00 | Jun 2, 2026 | Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux. | ||
| CVE-2002-0748 | 0.04 | — | 0.09 | Aug 12, 2002 | LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations. | |||
| CVE-2008-5383 | 0.03 | — | 0.05 | Dec 9, 2008 | Stack-based buffer overflow in National Instruments Electronics Workbench allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .ewb file. | |||
| CVE-2025-2449 | 0.02 | — | 0.31 | Mar 18, 2025 | NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of NI FlexLogger. User interaction is required to exploit this vulnerability in that the… | |||
| CVE-2026-9143 | 0.00 | — | 0.00 | Jun 19, 2026 | There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions. |
- risk 0.59cvss 9.1epss 0.01
There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure. Successful exploitation requires…
- risk 0.52cvss 7.8epss 0.15
A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability…
- risk 0.51cvss 7.8epss 0.00
There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a…
- risk 0.51cvss 7.8epss 0.00
There is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_context_set_operation() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user…
- risk 0.51cvss 7.8epss 0.00
There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open…
- risk 0.51cvss 7.8epss 0.00
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open…
- risk 0.51cvss 7.8epss 0.00
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a…
- risk 0.51cvss 7.8epss 0.00
Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DWF3WORK file. This vulnerability affects Digilent…
- risk 0.51cvss 7.8epss 0.05
A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web…
- risk 0.51cvss 7.8epss 0.04
A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions.…
- risk 0.51cvss 7.8epss 0.00
A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file. The NI I/O Trace tool is installed…
- risk 0.51cvss 7.8epss 0.00
A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects VeriStand 2024 Q2 and prior…
- risk 0.49cvss 7.5epss 0.02
An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an…
- risk 0.49cvss 7.5epss 0.03
An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting…
- risk 0.46cvss 7.1epss 0.00
Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.
- risk 0.46cvss 7.1epss 0.00
Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.
- CVE-2002-0748Aug 12, 2002risk 0.04cvss —epss 0.09
LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations.
- CVE-2008-5383Dec 9, 2008risk 0.03cvss —epss 0.05
Stack-based buffer overflow in National Instruments Electronics Workbench allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .ewb file.
- CVE-2025-2449Mar 18, 2025risk 0.02cvss —epss 0.31
NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of NI FlexLogger. User interaction is required to exploit this vulnerability in that the…
- CVE-2026-9143Jun 19, 2026risk 0.00cvss —epss 0.00
There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions.