EUVD-2026-32738

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVE-2026-8682 3D Viewer <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification via settings REST endpoint

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVE-2026-7453 WRL File Parsing Memory Exhaustion in Autodesk 3ds Max

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition...

EUVD-2026-31911

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2026-7451

CVE-2026-7451 : A maliciously crafted TIF file, when parsed by Autodesk 3ds Max , can trigger an Out-of-Bounds Write in the process. The vulnerability may allow a malicious actor to cause a crash, data corruption, or execute arbitrary code in the context of the current process. Connected sources ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disabling coherent dumb buffers is no longer necessary when 3D is not enabled. Coherent surfaces make sense only if the host renders to them using accelerated APIs. Without 3D, all the content in dumb buffers remains ...

PT-2026-41384

Уязвимость программы для создания текстур и материалов для 3D моделей Adobe Substance 3D Sampler связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код...

CVE-2023-47268

A flaw was found in PrusaSlicer. A remote attacker could exploit this vulnerability by providing a specially crafted 3mf project file. When this malicious file is processed by slicing the project and exporting G-code, it can lead to arbitrary code execution on the host system. This allows an...

EUVD-2023-51398

In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported...

DEBIAN-CVE-2023-47268

In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported...

Spying across Chiplets: Side-Channel Attacks in 2.5/3D Integrated Systems

Advanced packaging and chiplet-based integration are increasingly adopted to build complex heterogeneous systems beyond the limits of monolithic scaling. While these architectures offer major benefits in terms of modularity, yield, and performance, they also introduce new physical attack surfaces...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the RWStlReader::ReadAscii process when buffers returned by StandardReadLineBuffer::ReadLine are not properly length-validated before being used in strncasecmp or accessed directly. An attacker can cause denial of...

CVE-2026-42476

Two heap-based out-of-bounds read vulnerabilities affect Open CASCADE Technology (OCCT) V8_0_0_rc5 in the STL ASCII file parser (RWStl_Reader::ReadAscii). In CTL: buffers returned by Standard_ReadLineBuffer::ReadLine() are not properly length-validated before strncasecmp or direct byte access, en...

PT-2026-36171

SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can exploit improper output...

[SECURITY] Fedora 44 Update: qt6-qt3d-6.10.3-1.fc44

Qt 3D provides functionality for near-realtime simulation systems with support for 2D and 3D rendering in both Qt C++ and Qt Quick applications...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of continuous tracking of the prev/next mappings. This vulnerability may cause warnings...

EUVD-2026-22885

Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through = 1.8.5...

CVE-2026-40729

Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through = 1.8.5...

CVE-2026-40729 WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through = 1.8.5...

CVE-2026-40729

CVE-2026-40729 affects the WordPress plugin “bPlugins 3D viewer – Embed 3D Models” 1.8.5) as recommended by PT-2026-33040. No exploitation details are present in the connected documents beyond the general vulnerability description. Monitor for updates and vendor advisories for any confirmed expl...