Lucene search
K

65 matches found

NVD
NVD
added 2026/06/22 6:16 p.m.9 views

CVE-2026-10789

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

9.6CVSS0.00381EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 5:15 p.m.6 views

EUVD-2026-38328

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

9.6CVSS6.2AI score0.00381EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 5:15 p.m.27 views

CVE-2026-10789

Summary: CVE-2026-10789 is a code-injection vulnerability in the MCP extension for Autodesk Fusion Desktop. A malicious webpage visited by a user with Fusion Desktop running and MCP enabled can trigger arbitrary code execution with the current user’s privileges. The CVSS 3.1 score is 9.6 (CRITICA...

9.6CVSS6.2AI score0.00381EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51360

Name of the Vulnerable Software and Affected Versions Autodesk Fusion Desktop affected versions not specified Description A flaw in the MCP extension allows arbitrary code execution when a user visits a maliciously crafted webpage while the software is running and the extension is enabled. A...

9.6CVSS6.4AI score0.00381EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.9 views

CVE-2026-4345

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

7.1CVSS5.9AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.8 views

CVE-2026-4369

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS5.9AI score0.002EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/14 3:30 p.m.5 views

EUVD-2026-22273

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/14 3:30 p.m.6 views

EUVD-2026-22274

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References4
NVD
NVD
added 2026/04/14 3:16 p.m.7 views

CVE-2026-4345

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

7.1CVSS0.00204EPSS
Exploits0References3
NVD
NVD
added 2026/04/14 3:16 p.m.4 views

CVE-2026-4369

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS0.002EPSS
Exploits0References3
NVD
NVD
added 2026/04/14 3:16 p.m.4 views

CVE-2026-4344

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS0.00204EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/14 1:56 p.m.2 views

CVE-2026-4344 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Component Name

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/14 1:56 p.m.25 views

CVE-2026-4344 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Component Name

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS0.00204EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/14 1:56 p.m.2 views

CVE-2026-4345

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 1:56 p.m.2 views

CVE-2026-4345 Stored Cross-Site Scripting (XSS) Vulnerability in Design Name

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References3
CVE
CVE
added 2026/04/14 1:56 p.m.10 views

CVE-2026-4345

CVE-2026-4345 describes a stored XSS flaw in Autodesk Fusion desktop: a malicious design name, when exported to CSV, can execute in the app’s process context and read local files. Affected: Fusion desktop application; vulnerability arises from stored payload in design names. CVSS base metrics ind...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/14 1:56 p.m.28 views

CVE-2026-4345 Stored Cross-Site Scripting (XSS) Vulnerability in Design Name

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

7.1CVSS0.00204EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/14 1:47 p.m.2 views

CVE-2026-4369 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS6.1AI score0.002EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/14 1:47 p.m.2 views

CVE-2026-4369

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS6.1AI score0.002EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/14 1:47 p.m.16 views

CVE-2026-4369

The CVE-2026-4369 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in Autodesk Fusion desktop app tied to a malicious payload in an assembly variant name. The vulnerability can be triggered when the affected variant name is rendered in the delete confirmation dialog, and a user c...

7.1CVSS6.1AI score0.002EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder