CVE-2026-4681

A critical remote code execution RCE vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0,...

CVE-2023-31200

PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack...

EUVD-2018-8979

Malware in sbrugna...

EUVD-2018-8980

Malware in sbrugna...

EUVD-2014-9092

Malware in sbrugna...

EUVD-2018-12667

Malware in sbrugna...

EUVD-2018-8978

Malware in sbrugna...

EUVD-2015-2174

Malware in sbrugna...

EUVD-2023-54167

Malicious code in bioql PyPI...

EUVD-2023-35516

Malicious code in bioql PyPI...

CVE-2024-40395

An Insecure Direct Object Reference IDOR in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...

Malicious code in @ibm-ptc/greetings (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f71d576fd2d90654e6e24915ecd219a4f6fe2c520a75b001e662759aa3b850ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2626 Malicious code in @ibm-ptc/greetings (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f71d576fd2d90654e6e24915ecd219a4f6fe2c520a75b001e662759aa3b850ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-3951

PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code...

CVE-2024-6071

PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server...

MAL-2024-8796 Malicious code in ptc_creo_parametric_2_0_torrent_top__4fs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9888fffd9dcddf494a18ee48a7b8170ca94fbe732abc2218a3124fd740ad003f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-40395

An Insecure Direct Object Reference IDOR in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...

CVE-2024-40395

An Insecure Direct Object Reference IDOR in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...

CVE-2024-40395

CVE-2024-40395 : Concrete details across multiple connected sources confirm an Insecure Direct Object Reference (IDOR) in PT C ThingWorx v9.5.0 that lets an attacker view sensitive information, including PII, regardless of access level. The root cause is an IDOR in ThingWorx 9.5.0; impact is expo...

CVE-2024-40395

An Insecure Direct Object Reference IDOR in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...