Lucene search
K

816 matches found

Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-57257 Security vulnerability in Foxit PDF Editor/Reader — PRC 3D BRep Renderer Heap OOB Read

During the PRC parsing stage, there is a lack of boundary verification for the PRC entity index, which leads to an out-of-bounds read of the entity array. As a result, the application crashes...

6.1CVSS0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-57258 Foxit PDF Editor/Reader Crash via Malformed PRC 3D Stream

The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes...

6.1CVSS0.00112EPSS
Exploits0References1
CVE
CVE
added 6 days ago13 views

CVE-2026-57258

CVE-2026-57258 affects Foxit PDF Editor/Reader. The issue lies in the PRC 3D stream header parsing logic, which trusts a constructed file structure description and reads an underlying array, leading to out-of-bounds reads and application crashes. This is a local-access vulnerability requiring use...

6.1CVSS6AI score0.00112EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42189

The application opened a PDF file containing an abnormal Unity 3D object. During parsing, the application incorrectly resolved a portion of the abnormal object as a pointer and used it as a valid address, ultimately causing the application to crash...

7.8CVSS6AI score0.00116EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
OSV
OSV
added 2026/07/03 8:19 p.m.3 views

CVE-2026-28737 Gitea 3D file viewer allows stored XSS through glTF extensionsRequired

Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5286 Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer in code.gitea.io/gitea

Gitea: Stored XSS via glTF extensionsRequired in Gitea 3D File Viewer in code.gitea.io/gitea...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/24 1:31 a.m.4 views

[SECURITY] Fedora 44 Update: materialx-1.39.5-1.fc44

Physically-based material interchange specification for 3D rendering workflow s...

3.7CVSS5.8AI score0.002EPSS
Exploits2
OSV
OSV
added 2026/06/17 6:10 p.m.3 views

GHSA-9CPJ-QC93-VW8V Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer

Summary Me again. Gitea's built-in 3D file viewer powered by Online3DViewer is vulnerable to stored cross-site scripting XSS through crafted .gltf files. When a glTF file declares an unsupported required extension, Online3DViewer generates an error message containing the extension name and Gitea...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/28 6:45 a.m.38 views

CVE-2026-8682 3D Viewer <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification via settings REST endpoint

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00232EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/28 6:45 a.m.15 views

EUVD-2026-32738

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/26 5:8 p.m.10 views

CVE-2026-7453 WRL File Parsing Memory Exhaustion in Autodesk 3ds Max

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition...

5.3CVSS5.8AI score0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 5:6 p.m.15 views

EUVD-2026-31911

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

7.8CVSS6.2AI score0.00166EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 5:5 p.m.30 views

CVE-2026-7451

CVE-2026-7451 : A maliciously crafted TIF file, when parsed by Autodesk 3ds Max , can trigger an Out-of-Bounds Write in the process. The vulnerability may allow a malicious actor to cause a crash, data corruption, or execute arbitrary code in the context of the current process. Connected sources ...

7.8CVSS6.2AI score0.00166EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3D. Coherent surfaces make sense only if the host renders to them using accelerated APIs. Without 3D, all the content in dumb buffers remains on the guest, making all the addition...

5.5CVSS5.4AI score0.00177EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.15 views

PT-2026-41384

Уязвимость программы для создания текстур и материалов для 3D моделей Adobe Substance 3D Sampler связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код...

7.2CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/08 11:55 a.m.9 views

CVE-2023-47268

A flaw was found in PrusaSlicer. A remote attacker could exploit this vulnerability by providing a specially crafted 3mf project file. When this malicious file is processed by slicing the project and exporting G-code, it can lead to arbitrary code execution on the host system. This allows an...

5.3CVSS6.3AI score0.0072EPSS
Exploits4References2
EUVD
EUVD
added 2026/05/08 6:32 a.m.8 views

EUVD-2023-51398

In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported...

5.3CVSS6.2AI score0.0072EPSS
Exploits4References5
Rows per page
Query Builder