Lucene search
+L

250 matches found

nvd
nvd
added 2026/07/08 9:16 a.m.9 views

CVE-2026-57260

The application opened a PDF file containing an abnormal Unity 3D object. During parsing, the application incorrectly resolved a portion of the abnormal object as a pointer and used it as a valid address, ultimately causing the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
cve
cve
added 2026/07/08 7:35 a.m.10 views

CVE-2026-57260

Technical details are not publicly available in the provided documents. Monitor for updates.

7.8CVSS6AI score0.00116EPSS
Exploits0References1Affected Software2
cvelist
cvelist
added 2026/07/08 7:35 a.m.33 views

CVE-2026-57260 Security vulnerability in Foxit PDF Editor/Reader — U3D Adobe Mesh Decompression (Type Confusion / Invalid Pointer Dereference)

The application opened a PDF file containing an abnormal Unity 3D object. During parsing, the application incorrectly resolved a portion of the abnormal object as a pointer and used it as a valid address, ultimately causing the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
osv
osv
added 2026/06/24 1:20 p.m.4 views

CVE-2026-42450 OpenColorIO vulnerable to stack buffer overflow via unbounded `sscanf %s` in Spi3D (.spi3d) LUT parser

OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, FileFormatSpi3D.cpp:163 uses sscanf with %s into 64-byte stack buffers when parsing LUT data lines. Input comes from lineBuffer4096, so a crafted .spi3d file can overflow by 4000 bytes on...

8.4CVSS6AI score0.0012EPSS
Exploits0References4
nessus
nessus
added 2026/06/12 12:0 a.m.14 views

Adobe Substance 3D Sampler <= 6.0.0 Multiple Arbitrary Code Execution Vulnerabilities (APSB26-60)

The version of Adobe Substance 3D Sampler installed on the remote host is prior or equal to 6.0.0. It is, therefore, affected by multiple out-of-bounds write vulnerabilities as referenced in the APSB26-60 advisory. - Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bound...

7.8CVSS6.2AI score0.00144EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/09 7:15 p.m.10 views

CVE-2026-48306 Substance3D - Sampler | Out-of-bounds Write (CWE-787)

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.1AI score0.00141EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:22 p.m.10 views

CVE-2026-34682

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00148EPSS
Exploits0References1
nvd
nvd
added 2026/05/28 8:16 a.m.27 views

CVE-2026-8682

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00232EPSS
Exploits0References8
vulnrichment
vulnrichment
added 2026/05/28 6:45 a.m.13 views

CVE-2026-8682 3D Viewer <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification via settings REST endpoint

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.24 views

PT-2026-44208

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References9
patchstack
patchstack
added 2026/05/27 12:0 a.m.15 views

WordPress 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Modification vulnerability discovered by Legion Hunter in WordPress Plugin 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On versions = 2.0.1...

4.3CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Firefox

By using 3D CSS in conjunction with JavaScript, content could be rendered outside the webpage’s viewport. This led to a spoofing attack that could be used for phishing or other attacks against users. This vulnerability affects Firefox versions earlier than 88...

6.5CVSS6.8AI score0.00719EPSS
Exploits0References1
ossf
ossf
added 2026/05/20 2:48 a.m.12 views

Malicious code in @web-3d-tool/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1e96a726cf0732113215b2026a7a59fc6bf471f86d34153fea3a0e32b275fb5 @web-3d-tool/sdk is a near-empty package trivial 35-byte index.js, empty author/description metadata whose only effect on install is to pull in a...

6.3AI score
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/12 5:42 p.m.11 views

CVE-2026-34675 Substance3D - Painter | Out-of-bounds Write (CWE-787)

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00138EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/04 8:21 p.m.12 views

CVE-2026-7594

A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function imageto3dasync of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal. The attack can be executed remotely. The exploit is now public...

7.5CVSS6.8AI score0.00418EPSS
Exploits0References1
fedora
fedora
added 2026/04/25 1:55 a.m.14 views

[SECURITY] Fedora 44 Update: qt6-qtquick3d-6.10.3-1.fc44

The Qt 6 Quick3D library...

5.2AI score
Exploits0
cvelist
cvelist
added 2026/04/14 8:40 a.m.31 views

CVE-2025-40745

A vulnerability has been identified in Siemens Software Center All versions V3.5.8.2, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Simcenter STAR-CCM+ All versions V2602, Solid Edge SE2025 All versions V225.0 Update 13, Solid Edge SE2026 All versions V226.0 Updat...

6.3CVSS0.00137EPSS
Exploits0References1
nessus
nessus
added 2026/04/14 12:0 a.m.5 views

Adobe Bridge 15.1.4 < 15.1.5 / 16.x < 16.0.3 Multiple Vulnerabilities (APSB26-39)

The version of Adobe Bridge installed on the remote Windows host is prior to 15.1.5 or 16.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb26-39 advisory. - Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability th...

7.8CVSS6.4AI score0.00259EPSS
Exploits0References7
euvd
euvd
added 2026/03/10 9:32 p.m.4 views

EUVD-2026-10751

Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a...

5.5CVSS5.8AI score0.00142EPSS
Exploits0References2
nvd
nvd
added 2026/03/10 7:17 p.m.5 views

CVE-2026-27274

Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00139EPSS
Exploits0References1
Rows per page
Query Builder