EUVD-2024-20672

Malicious code in bioql PyPI...

EUVD-2024-36598

Malicious code in bioql PyPI...

EUVD-2024-20668

Malicious code in bioql PyPI...

EUVD-2025-23032

Malicious code in bioql PyPI...

CVE-2025-5038

A maliciously crafted XT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2025-6636

CVE-2025-6636 affects Autodesk AutoCAD and other Autodesk products via parsing of specially crafted PRT files, causing a Use-After-Free in the parser. Impact described across sources includes crashes, potential data exposure, and arbitrary code execution in the context of the affected process. Se...

CVE-2013-3665

Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute arbitrary code via a crafted DWG file...

CVE-2024-23142

A maliciously crafted CATPART, STP, and MODEL file, when parsed in atfdwgconsumer.dll, rosex64vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process...

Autodesk: Insecure Direct Object Reference (IDOR) in GraphQL deleteProfileImages Mutation

The Insecure Direct Object Reference IDOR vulnerability was discovered in the GraphQL deleteProfileImages mutation of the Autodesk User Profile. The vulnerability could have allowed an attacker to delete another user's photo through the "id" parameter. Autodesk has addressed the vulnerability...

Vulnerability in Autodesk 3ds max actively exploited

Autodesk says it is actively observing abuse of a vulnerability in 3ds max software. A variant of the MAXScript exploit "PhysXPluginMfx" allows a remote malicious person to to execute arbitrary code within the context of the application. To do this, the malicious party must entice the victim to...