816 matches found
CVE-2026-57257 Security vulnerability in Foxit PDF Editor/Reader — PRC 3D BRep Renderer Heap OOB Read
During the PRC parsing stage, there is a lack of boundary verification for the PRC entity index, which leads to an out-of-bounds read of the entity array. As a result, the application crashes...
CVE-2026-57258 Foxit PDF Editor/Reader Crash via Malformed PRC 3D Stream
The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes...
CVE-2026-57258
CVE-2026-57258 affects Foxit PDF Editor/Reader. The issue lies in the PRC 3D stream header parsing logic, which trusts a constructed file structure description and reads an underlying array, leading to out-of-bounds reads and application crashes. This is a local-access vulnerability requiring use...
EUVD-2026-42189
The application opened a PDF file containing an abnormal Unity 3D object. During parsing, the application incorrectly resolved a portion of the abnormal object as a pointer and used it as a valid address, ultimately causing the application to crash...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...
CVE-2026-28737 Gitea 3D file viewer allows stored XSS through glTF extensionsRequired
Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer...
GO-2026-5286 Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer in code.gitea.io/gitea
Gitea: Stored XSS via glTF extensionsRequired in Gitea 3D File Viewer in code.gitea.io/gitea...
[SECURITY] Fedora 44 Update: materialx-1.39.5-1.fc44
Physically-based material interchange specification for 3D rendering workflow s...
GHSA-9CPJ-QC93-VW8V Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer
Summary Me again. Gitea's built-in 3D file viewer powered by Online3DViewer is vulnerable to stored cross-site scripting XSS through crafted .gltf files. When a glTF file declares an unsupported required extension, Online3DViewer generates an error message containing the extension name and Gitea...
CVE-2026-8682 3D Viewer <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification via settings REST endpoint
The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
EUVD-2026-32738
The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-7453 WRL File Parsing Memory Exhaustion in Autodesk 3ds Max
A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition...
EUVD-2026-31911
A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2026-7451
CVE-2026-7451 : A maliciously crafted TIF file, when parsed by Autodesk 3ds Max , can trigger an Out-of-Bounds Write in the process. The vulnerability may allow a malicious actor to cause a crash, data corruption, or execute arbitrary code in the context of the current process. Connected sources ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3D. Coherent surfaces make sense only if the host renders to them using accelerated APIs. Without 3D, all the content in dumb buffers remains on the guest, making all the addition...
PT-2026-41384
Уязвимость программы для создания текстур и материалов для 3D моделей Adobe Substance 3D Sampler связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код...
CVE-2023-47268
A flaw was found in PrusaSlicer. A remote attacker could exploit this vulnerability by providing a specially crafted 3mf project file. When this malicious file is processed by slicing the project and exporting G-code, it can lead to arbitrary code execution on the host system. This allows an...
EUVD-2023-51398
In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported...