VYPR
Vendor: Trimble

Products: 11
CVEs: 47
Across products: 52
Status: Private

Recent CVEs

  • CVE-2023-27195 | Critical | Nov 8, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account via a PUT /inc/tm_ajax.msw request. If the access code was used to create…

  • CVE-2026-9264 | Critical | May 22, 2026
    risk 0.60 | cvss 9.3 | epss 0.00

    A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window,…

  • CVE-2025-15062 | High | Jan 23, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target…

  • CVE-2025-60749 | High | Oct 31, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe.

  • CVE-2025-0994 | KEV | Feb 6, 2025
    risk 0.18 | cvss | epss 0.27

    Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet…

  • CVE-2025-0220 | Low | Jan 5, 2025
    risk 0.16 | cvss 2.4 | epss 0.00

    A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Hostname leads to cross site scripting. It is possible to initiate the attack…

  • CVE-2025-0219 | Low | Jan 5, 2025
    risk 0.16 | cvss 2.4 | epss 0.00

    A vulnerability, which was classified as problematic, has been found in Trimble SPS851 488.01. Affected by this issue is some unknown functionality of the component Receiver Status Identity Tab. The manipulation of the argument System Name leads to cross site scripting. The…

  • CVE-2013-3663 | Jun 13, 2014
    risk 0.03 | cvss | epss 0.32

    Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP.

  • CVE-2013-3664 | Jul 1, 2014
    risk 0.02 | cvss | epss 0.30

    Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete…

  • CVE-2013-7388 | Jul 1, 2014
    risk 0.01 | cvss | epss 0.13

    Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different…

  • CVE-2025-2024 | Mar 7, 2025
    risk 0.00 | cvss | epss 0.00

    Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that…

  • CVE-2024-7511 | Nov 22, 2024
    risk 0.00 | cvss | epss 0.00

    Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this…

  • CVE-2024-7510 | Nov 22, 2024
    risk 0.00 | cvss | epss 0.00

    Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target…

  • CVE-2024-7509 | Nov 22, 2024
    risk 0.00 | cvss | epss 0.00

    Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in…

  • CVE-2024-7508 | Nov 22, 2024
    risk 0.00 | cvss | epss 0.00

    Trimble SketchUp Viewer SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this…

  • CVE-2024-9731 | Nov 22, 2024
    risk 0.00 | cvss | epss 0.00

    Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability…

  • CVE-2024-9730 | Nov 22, 2024
    risk 0.00 | cvss | epss 0.00

    Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability…

  • CVE-2024-9729 | Nov 22, 2024
    risk 0.00 | cvss | epss 0.00

    Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in…

  • CVE-2024-9728 | Nov 22, 2024
    risk 0.00 | cvss | epss 0.00

    Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in…

  • CVE-2024-9727 | Nov 22, 2024
    risk 0.00 | cvss | epss 0.00

    Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in…