Filtered by vendor 3ds
Subscribe
Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-1334 | 1 3ds | 1 Solidworks Edrawings | 2026-02-26 | N/A | 7.8 HIGH |
|
An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
|
|||||
| CVE-2026-1335 | 1 3ds | 1 Solidworks Edrawings | 2026-02-26 | N/A | 7.8 HIGH |
|
An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
|
|||||
| CVE-2026-1333 | 1 3ds | 1 Solidworks Edrawings | 2026-02-26 | N/A | 7.8 HIGH |
|
A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
|
|||||
| CVE-2025-10554 | 1 3ds | 1 3dexperience Enovia | 2026-01-12 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-12956 | 1 3ds | 1 3dexperience Enovia | 2026-01-12 | N/A | 8.7 HIGH |
|
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-10552 | 1 3ds | 1 3dswymer | 2025-12-04 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-10558 | 1 3ds | 1 3dswymer | 2025-12-04 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-5086 | 1 3ds | 1 Delmia Apriso | 2025-10-29 | N/A | 9.0 CRITICAL |
|
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
|
|||||
| CVE-2025-6205 | 1 3ds | 1 Delmia Apriso | 2025-10-29 | N/A | 9.1 CRITICAL |
|
A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.
|
|||||
| CVE-2025-6204 | 1 3ds | 1 Delmia Apriso | 2025-10-29 | N/A | 8.0 HIGH |
|
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
|
|||||
| CVE-2024-6380 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2024-12089 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2024-12090 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2024-12091 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2024-12092 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-0596 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting Bookmark Editor in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-0598 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting Relations in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-0599 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-0600 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting Product Explorer in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-0601 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-0826 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting 3D Navigate in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-0828 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-0829 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-0832 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-0830 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-0833 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting Route Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2024-7736 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
|
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-10556 | 1 3ds | 1 3dexperience Enovia | 2025-10-21 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-10557 | 1 3ds | 1 3dexperience Enovia | 2025-10-21 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2012-4882 | 1 3ds | 1 3d Xml Player | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) JT0DevPhase.dll file in the current working directory, as demonstrated by a directory that contains a .3dx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2013-4721 | 2 3ds, Typo3 | 2 Push2rss 3ds, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-4883 | 1 3ds | 1 3dvia Composer | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, as demonstrated by a directory that contains a .smg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-0809 | 2 3ds, Ibm | 2 Enovia Smarteam, Catia | 2025-04-09 | 3.5 LOW | N/A |
|
The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object.
|
|||||
| CVE-2024-0935 | 1 3ds | 1 Delmia Apriso | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024
|
|||||
| CVE-2023-6078 | 1 3ds | 1 Biovia Materials Studio | 2024-11-21 | N/A | 8.8 HIGH |
|
An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution.
|
|||||
| CVE-2023-3589 | 1 3ds | 1 Teamwork Cloud No Magic Release | 2024-11-21 | N/A | 6.8 MEDIUM |
|
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.
|
|||||
| CVE-2023-3588 | 1 3ds | 1 Teamwork Cloud No Magic Release | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code.
|
|||||
| CVE-2023-2763 | 1 3ds | 1 3dexperience Solidworks | 2024-11-21 | N/A | 7.8 HIGH |
|
Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.
|
|||||
| CVE-2023-2762 | 1 3ds | 1 3dexperience Solidworks | 2024-11-21 | N/A | 7.8 HIGH |
|
A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.
|
|||||
| CVE-2023-2141 | 1 3ds | 1 Delmia Apriso | 2024-11-21 | N/A | 8.5 HIGH |
|
An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.
|
|||||