Lucene search
K

130 matches found

Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.5 views

CVE-2026-28737

Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer...

8.7CVSS0.00336EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:19 p.m.4 views

CVE-2026-28737 Gitea 3D file viewer allows stored XSS through glTF extensionsRequired

Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.41 views

CVE-2026-28737 Gitea 3D file viewer allows stored XSS through glTF extensionsRequired

Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer...

8.7CVSS0.00336EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/17 6:10 p.m.18 views

Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer

Summary Me again. Gitea's built-in 3D file viewer powered by Online3DViewer is vulnerable to stored cross-site scripting XSS through crafted .gltf files. When a glTF file declares an unsupported required extension, Online3DViewer generates an error message containing the extension name and Gitea...

8.7CVSS5.7AI score0.00336EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50586

Name of the Vulnerable Software and Affected Versions Gitea versions 1.25.0 and later Description Gitea is subject to stored cross-site scripting XSS through the built-in 3D file viewer, which utilizes the Online3DViewer library. The issue occurs when a .gltf file contains an unsupported extensio...

8.7CVSS6AI score0.00336EPSS
Exploits0References12
OSV
OSV
added 2026/06/12 12:25 p.m.8 views

OESA-2026-2646 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was detected in Assi...

4.8CVSS4.8AI score0.00118EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2026/06/09 12:0 a.m.15 views

Adobe USD-Fileformat-plugins Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within t...

7.8CVSS6AI score0.00281EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 3:37 p.m.11 views

CVE-2026-10198

A flaw was found in Assimp, specifically within the glTFImporter component. A local attacker could exploit a null pointer dereference vulnerability in the Assimp::glTFImporter::ImportMeshes function. This could lead to a denial of service DoS by causing the application to crash. Mitigation...

5CVSS5.6AI score0.00113EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.12 views

SUSE CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

4.8CVSS5.3AI score0.00113EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.14 views

SUSE CVE-2026-10199

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the...

3.3CVSS5.2AI score0.00118EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.13 views

SUSE CVE-2026-10200

A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has bee...

5.3CVSS6AI score0.00124EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-10198

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of t...

4.8CVSS4.8AI score0.00113EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/01 12:30 a.m.15 views

EUVD-2026-33520

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

4.8CVSS5.3AI score0.00113EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/31 11:16 p.m.7 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the ImportMeshes function of the glTFImporter component. An attacker can cause a denial of service by triggering a null pointer dereference through local access with low privileges. Remediation There is no...

5CVSS5.2AI score0.00113EPSS
Exploits0References2
OSV
OSV
added 2026/05/31 11:16 p.m.13 views

UBUNTU-CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

4.8CVSS5.2AI score0.00113EPSS
Exploits0References9
CVE
CVE
added 2026/05/31 10:45 p.m.56 views

CVE-2026-10200

Assimp up to 6.0.4 contains a heap-based buffer overflow in glTFCommon::CopyValue (glTFCommon.h) within the 4x4 Matrix Parser. The vulnerability is triggered by a local-position manipulation and affects the affected library/component. The exploit has been made public, with a proof-of-concept publ...

5.3CVSS6AI score0.00124EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/05/31 10:15 p.m.11 views

CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

4.8CVSS5.3AI score0.00113EPSS
Exploits0
OSV
OSV
added 2026/05/31 10:15 p.m.4 views

CVE-2026-10198 Assimp glTFImporter glTFImporter.cpp ImportMeshes null pointer dereference

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

4.8CVSS5.3AI score0.00113EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/31 10:15 p.m.13 views

CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

4.8CVSS5.3AI score0.00113EPSS
Exploits0References7
Rows per page
Query Builder