CVE-2026-1985

CVE-2026-1985 : Connected document identifies a concrete vulnerability in the WordPress Press3D plugin (versions

CVE-2026-1985

The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due to the plugin failing to sanitize and validate the URL scheme when storing link URLs for 3D model blocks, allowing javascript:...

CVE-2026-1985 Press3D <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block

The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due to the plugin failing to sanitize and validate the URL scheme when storing link URLs for 3D model blocks, allowing javascript:...

WordPress plugin Press3D 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Press3D plugin <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability discovered by WordFence in WordPress Plugin Press3D versions = 1.0.2...

EUVD-2024-49132

Malicious code in bioql PyPI...

EUVD-2023-42238

Malicious code in bioql PyPI...

EUVD-2024-28479

Malicious code in bioql PyPI...

EUVD-2023-36612

Malicious code in bioql PyPI...

EUVD-2023-42078

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-44961

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust...

CVE-2023-38258

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory...

Advisory ROSA-SA-2025-2588

software: assimp 5.0.1 OS: ROSA-CHROME packageevrstring: assimp-5.0.1.1-4 CVE-ID: CVE-2024-40724 BDU-ID: 2024-06186 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the File Handler component of the 3D model import library Open Asset Import Library Assimp is related to a heap buffer overflow...

CVE-2024-48426

A flaw was found in the Asset Import Library Assimp. A maliciously crafted 3D model file can trigger this segmentation fault, causing the application to crash. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...

CVE-2024-48425

A flaw was found in the Assimp asset import library. An attacker may be able to trigger a segmentation fault using specially-crafted 3D model files. This can result in a denial of service due to invalid memory access. Mitigation Mitigation for this issue is either not available or the currently...

CVE-2024-8374 Arbitrary Code Injection in Cura

UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerability arises from improper handling of the droptobuildplate property within 3MF files, which are ZIP archives containing the model data. When...

CVE-2024-30559

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maurice Spin 360 deg and 3D Model Viewer allows Stored XSS.This issue affects Spin 360 deg and 3D Model Viewer: from n/a through 1.2.7...

CVE-2024-30559 WordPress Spin 360 deg and 3D Model Viewer plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maurice Spin 360 deg and 3D Model Viewer allows Stored XSS.This issue affects Spin 360 deg and 3D Model Viewer: from n/a through 1.2.7...

CVE-2024-30559 WordPress Spin 360 deg and 3D Model Viewer plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maurice Spin 360 deg and 3D Model Viewer allows Stored XSS.This issue affects Spin 360 deg and 3D Model Viewer: from n/a through 1.2.7...

CVE-2024-30559

CVE-2024-30559 is a cross-site scripting (Stored XSS) vulnerability reported in the Spin 360 deg and 3D Model Viewer WordPress plugin. The CVE entry notes the flaw affects Spin 360 deg and 3D Model Viewer versions from an unspecified baseline up to 1.2.7. The linked Red Hat entry reiterates the i...