EUVD-2026-37831

A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...

CVE-2026-12569

This CVE affects PTC Windchill PDMlink and PTC FlexPLM (and CPS) with a critical remote code execution via deserialization of untrusted data. Affected versions are Windchill PDMlink and FlexPLM prior to 11.0 M030 (per multiple sources), with remediation to 11.0 M030 or later. The issue is exploit...

CVE-2026-4681

A critical remote code execution RCE vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0,...

CVE-2023-31200

PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack...

EUVD-2018-8979

Malware in sbrugna...

EUVD-2014-9092

Malware in sbrugna...

EUVD-2015-2174

Malware in sbrugna...

EUVD-2018-8978

Malware in sbrugna...

EUVD-2018-8980

Malware in sbrugna...

EUVD-2018-12667

Malware in sbrugna...

EUVD-2023-35516

Malicious code in bioql PyPI...

EUVD-2023-54167

Malicious code in bioql PyPI...

CVE-2024-40395

An Insecure Direct Object Reference IDOR in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...

Malicious code in @ibm-ptc/greetings (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f71d576fd2d90654e6e24915ecd219a4f6fe2c520a75b001e662759aa3b850ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2626 Malicious code in @ibm-ptc/greetings (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f71d576fd2d90654e6e24915ecd219a4f6fe2c520a75b001e662759aa3b850ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-3951

PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code...

CVE-2024-6071

PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server...

MAL-2024-8796 Malicious code in ptc_creo_parametric_2_0_torrent_top__4fs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9888fffd9dcddf494a18ee48a7b8170ca94fbe732abc2218a3124fd740ad003f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-40395

An Insecure Direct Object Reference IDOR in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...

CVE-2024-40395

An Insecure Direct Object Reference IDOR in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...