PT-2025-39068

Name of the Vulnerable Software and Affected Versions Autodesk products affected versions not specified Description A specially crafted PRT file, when processed by certain Autodesk products, can lead to a memory corruption issue. A malicious actor could potentially exploit this to execute arbitra...

Ashlar-Vellum Graphite Stack Buffer Overflow Vulnerability

Ashlar-Vellum Graphite is a CAD modeling software from Ashlar-Vellum. Ashlar-Vellum Graphite suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute code in the context of the current process...

Ashlar-Vellum Graphite 安全漏洞

Ashlar-Vellum Graphite is a CAD modeling software from Ashlar-Vellum. Ashlar-Vellum Graphite suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute code in the context of the current process...

CVE-2025-5046

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVE-2025-5048

Autodesk AutoCAD is affected by CVE-2025-5048 via DGN file parsing that can trigger a memory corruption, enabling arbitrary code execution in the current process. The vulnerability is exploitable locally with user interaction required (per the CVE metrics and ZDI advisory). The root cause is rela...

CVE-2025-5047

Autodesk AutoCAD is affected by CVE-2025-5047 due to a vulnerability in parsing DGN files, arising from an uninitialized variable in memory access. The issue can allow crash, data leakage, or arbitrary code execution in the context of the current process. Public sources note this can be exploited...

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16756)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current...

IrfanView CADImage Plugin 缓冲区错误漏洞

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...

Siemens Solid Edge SE2025 缓冲区错误漏洞

Siemens Solid Edge SE2025 is a development software from Siemens Germany. Siemens Solid Edge SE2025 suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current process...

PDF-XChange Editor 资源管理错误漏洞

PDF-XChange Editor is a PDF-XChange company running on Microsoft Windows systems in the PDF file viewer software. PDF-XChange Editor suffers from a memory misreference vulnerability that can be exploited by an attacker to execute code in the context of the current process...

CVE-2025-47727

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

CVE-2025-47728

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

The vulnerability of the NEU format. The pre-processor Simcenter Femap allows a hacker to disclose protected information or execute arbitrary code within the context of the current process.

The vulnerability of the NEU format is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information or execute arbitrary code within the context of the current process...

CVE-2025-1660

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in its ability to read data beyond the acceptable range of memory. This allows a malicious actor to execute arbitrary code.

The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in the ability to read data beyond the acceptable range in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...

The vulnerability of Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in its integer overflow vulnerabilities, allowing an attacker to execute arbitrary code.

The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling is related to a numerical overflow condition. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...

Delta Electronics CNCSoft-G2 安全漏洞

Delta Electronics CNCSoft-G2 is a human-machine interface HMI software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute code in the context of the current process...

`root` appended to group listings

Affected versions append root to group listings, unless the correct listing has exactly 1024 groups. This affects both: - The supplementary groups of a user - The group access list of the current process If the caller uses this information for access control, this may lead to privilege escalation...

Delta Electronics DRASimuCAD 安全漏洞

Delta Electronics DRASimuCAD is an integrated platform for robot simulation. A type confusion vulnerability exists in Delta Electronics DRASimuCAD, which can be exploited by an attacker to execute arbitrary code in the context of the current process...

Rockwell Automation Arena 安全漏洞

Rockwell Automation Arena Simulation is the American Rockwell Rockwell Automation company's set of simulation software to provide 3D animation and graphics capabilities. A memory misreference code execution vulnerability exists in the Rockwell Automation Arena Simulation DOE file that can be...