VYPR

Vendor CVEs

Dassault Systèmes

All CVEs

77 total · sorted by risk
  • CVE-2014-2072CriJan 8, 2020
    risk 0.67cvss 9.8epss 0.07

    Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks

  • CVE-2026-7858CriJun 1, 2026
    risk 0.64cvss 9.8epss 0.01

    A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code…

  • CVE-2014-2073CriApr 10, 2018
    risk 0.64cvss 9.8epss 0.05

    Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to "CATV5_Backbone_Bus."

  • CVE-2024-3300CriMay 30, 2024
    risk 0.61cvss 9.0epss 0.03

    An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution.

  • CVE-2024-1624CriMar 1, 2024
    risk 0.61cvss 9.4epss 0.02

    An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA…

  • CVE-2023-1287CriMar 9, 2023
    risk 0.59cvss 9.0epss 0.01

    An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution.

  • CVE-2026-9024HigJun 1, 2026
    risk 0.57cvss 8.7epss 0.00

    A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session.

  • CVE-2025-10553HigMar 31, 2026
    risk 0.57cvss 8.7epss 0.00

    A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

  • CVE-2025-10551HigMar 31, 2026
    risk 0.57cvss 8.7epss 0.00

    A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

  • CVE-2026-2101HigFeb 16, 2026
    risk 0.57cvss 8.7epss 0.00

    A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 allows an attacker to execute arbitrary script code in user's browser session.

  • CVE-2025-10555HigNov 24, 2025
    risk 0.57cvss 8.7epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in DELMIA Service Process Engineer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

  • CVE-2025-4992HigMay 30, 2025
    risk 0.57cvss 8.7epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

  • CVE-2025-4991HigMay 30, 2025
    risk 0.57cvss 8.7epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

  • CVE-2025-4990HigMay 30, 2025
    risk 0.57cvss 8.7epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

  • CVE-2025-4989HigMay 30, 2025
    risk 0.57cvss 8.7epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

  • CVE-2025-4988HigMay 30, 2025
    risk 0.57cvss 8.7epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

  • CVE-2025-4983HigMay 30, 2025
    risk 0.57cvss 8.7epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

  • CVE-2025-0602HigMay 30, 2025
    risk 0.57cvss 8.7epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

  • CVE-2025-0827HigMar 17, 2025
    risk 0.57cvss 8.7epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability affecting 3DPlay in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

  • CVE-2024-7737HigSep 19, 2024
    risk 0.57cvss 8.7epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

  • CVE-2023-2141HigApr 21, 2023
    risk 0.55cvss 8.5epss 0.01

    An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.

  • CVE-2026-1284HigJan 26, 2026
    risk 0.51cvss 7.8epss 0.00

    An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.

  • CVE-2026-1283HigJan 26, 2026
    risk 0.51cvss 7.8epss 0.00

    A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.

  • CVE-2025-9450HigSep 17, 2025
    risk 0.51cvss 7.8epss 0.00

    A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file.

  • CVE-2025-9447HigSep 17, 2025
    risk 0.51cvss 7.8epss 0.00

    An Out-Of-Bounds Read vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.

  • CVE-2025-7042HigJul 15, 2025
    risk 0.51cvss 7.8epss 0.00

    Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file.

  • CVE-2025-6974HigJul 15, 2025
    risk 0.51cvss 7.8epss 0.00

    Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.

  • CVE-2025-6973HigJul 15, 2025
    risk 0.51cvss 7.8epss 0.00

    Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.

  • CVE-2025-6972HigJul 15, 2025
    risk 0.51cvss 7.8epss 0.00

    Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file.

  • CVE-2025-6971HigJul 15, 2025
    risk 0.51cvss 7.8epss 0.00

    Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file.

  • CVE-2025-0831HigJul 15, 2025
    risk 0.51cvss 7.8epss 0.00

    Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.

  • CVE-2025-1884HigMay 2, 2025
    risk 0.51cvss 7.8epss 0.00

    Use-After-Free vulnerability exists in the SLDPRT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.

  • CVE-2024-8040HigOct 16, 2024
    risk 0.50cvss 7.7epss 0.00

    An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an authenticated attacker to access some unauthorized data.

  • CVE-2023-2140HigApr 21, 2023
    risk 0.49cvss 7.5epss 0.01

    A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.

  • CVE-2025-10559HigMar 31, 2026
    risk 0.46cvss 7.1epss 0.00

    A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server.

  • CVE-2023-1288MedMar 9, 2023
    risk 0.44cvss 6.8epss 0.01

    An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server.

  • CVE-2023-1996MedMay 19, 2023
    risk 0.40cvss 6.1epss 0.00

    A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.

  • CVE-2023-5597MedMay 17, 2024
    risk 0.35cvss 5.4epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code.

  • CVE-2023-5599MedNov 21, 2023
    risk 0.35cvss 5.4epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.

  • CVE-2023-5598MedNov 21, 2023
    risk 0.35cvss 5.4epss 0.00

    Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code.

  • CVE-2023-2139MedApr 21, 2023
    risk 0.35cvss 5.4epss 0.00

    A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.

  • CVE-2024-0935MedFeb 1, 2024
    risk 0.29cvss 4.4epss 0.00

    Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024

  • CVE-2025-6205KEVAug 4, 2025
    risk 0.19cvss epss 0.69

    A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.

  • CVE-2025-5086KEVJun 2, 2025
    risk 0.15cvss epss 0.89

    A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.

  • CVE-2025-6204KEVAug 4, 2025
    risk 0.13cvss epss 0.75

    An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.

  • CVE-2026-10094Jun 17, 2026
    risk 0.00cvss epss 0.00

    A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server.

  • CVE-2026-1335Feb 16, 2026
    risk 0.00cvss epss 0.00

    An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.

  • CVE-2026-1334Feb 16, 2026
    risk 0.00cvss epss 0.00

    An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.

  • CVE-2026-1333Feb 16, 2026
    risk 0.00cvss epss 0.00

    A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT…

  • CVE-2025-12956Dec 8, 2025
    risk 0.00cvss epss 0.00

    A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

Page 1 of 2