VYPR
Vendor

Solidworks

Products
3
CVEs
7
Across products
10
Status
Private

Products

3

Recent CVEs

7
  • CVE-2026-3476HigMar 16, 2026
    risk 0.51cvss 7.8epss 0.00

    A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file.

  • CVE-2024-1848HigMar 22, 2024
    risk 0.51cvss 7.8epss 0.00

    Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These…

  • CVE-2023-2763HigJul 12, 2023
    risk 0.51cvss 7.8epss 0.00

    Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute…

  • CVE-2023-2762HigJul 12, 2023
    risk 0.51cvss 7.8epss 0.00

    A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.

  • CVE-2014-100015Jan 13, 2015
    risk 0.08cvss epss 0.57

    Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload.

  • CVE-2014-100014Jan 13, 2015
    risk 0.03cvss epss 0.06

    Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 opcode to port 3000.

  • CVE-2007-1684Apr 6, 2007
    risk 0.00cvss epss 0.05

    The Run function in SolidWorks sldimdownload ActiveX control in sldimdownload.dll before 16.0.0.6 allows remote attackers to execute arbitrary commands via the (1) installerpath and (2) applicationarguments arguments.