116 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...
GO-2026-5286 Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer in code.gitea.io/gitea
Gitea: Stored XSS via glTF extensionsRequired in Gitea 3D File Viewer in code.gitea.io/gitea...
GHSA-9CPJ-QC93-VW8V Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer
Summary Me again. Gitea's built-in 3D file viewer powered by Online3DViewer is vulnerable to stored cross-site scripting XSS through crafted .gltf files. When a glTF file declares an unsupported required extension, Online3DViewer generates an error message containing the extension name and Gitea...
CVE-2026-8682 3D Viewer <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification via settings REST endpoint
The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
EUVD-2026-32738
The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
EUVD-2026-22885
Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through = 1.8.5...
CVE-2026-40729
Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through = 1.8.5...
CVE-2026-40729 WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through = 1.8.5...
CVE-2026-40729 WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through = 1.8.5...
CVE-2026-40729
CVE-2026-40729 affects the WordPress plugin “bPlugins 3D viewer – Embed 3D Models” 1.8.5) as recommended by PT-2026-33040. No exploitation details are present in the connected documents beyond the general vulnerability description. Monitor for updates and vendor advisories for any confirmed expl...
PT-2026-33040
Name of the Vulnerable Software and Affected Versions bPlugins 3D viewer – Embed 3D Models versions prior to 1.8.6 Description Incorrectly configured access control security levels lead to a missing authorization issue, allowing for the exploitation of security levels. Recommendations Update to a...
WordPress plugin 3D viewer – Embed 3D Models 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2025-59332
3DAlloy is a lightWeight 3D-viewer for MediaWiki. From 1.0 through 1.8, the parser tag and the 3d parser function allow users to provide custom attributes that are then appended to the canvas HTML element that is being output by the extension. The attributes are not sanitized, which means that...
The vulnerability of the 3D viewing tool JT and the Teamcenter Visualization lifecycle management system, related to reading data beyond the buffer in memory, allows attackers to gain unauthorized access to protected information.
The vulnerability of the 3D viewing tool JT and the Teamcenter Visualization lifecycle management system lies in the reading of data beyond the buffer in memory. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...
The vulnerability of the 3D viewing tool JT and the Teamcenter Visualization lifecycle management system, related to writing beyond the buffer in memory, allows attackers to execute arbitrary code.
The vulnerability of the 3D viewing tool JT and the Teamcenter Visualization lifecycle management system lies in the ability to write data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow attackers to execute arbitrary code...
The vulnerability of the 3D viewing tool JT and JT2Go lies in the overflow of buffers in the stack, allowing attackers to execute arbitrary code.
The vulnerability of the 3D viewing tool JT and JT2Go is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Teamcenter Visualization lifecycle management system and the 3D JT/JT2Go viewer tool relates to buffer overflow in the stack. This allows an attacker to execute arbitrary code.
The vulnerability of the Teamcenter Visualization lifecycle management system and the 3D JT/JT2Go viewer tool is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially created XML files...
The vulnerability of the 3D viewing tool JT and the Teamcenter Visualization lifecycle management system, related to operations occurring outside the buffer in memory, allows attackers to execute arbitrary code.
The vulnerability of the 3D viewing tool JT and the Teamcenter Visualization lifecycle management system lies in the execution of operations beyond the buffer in memory when processing CGM format files. Exploiting this vulnerability can allow attackers to execute arbitrary code...