Trimble
Products
11- 30 CVEs
- 12 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
47| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-27195 | Cri | 0.64 | 9.8 | 0.01 | Nov 8, 2024 | Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tm_ajax.msw request. If the access code was used to create… | ||
| CVE-2026-9264 | Cri | 0.60 | 9.3 | 0.00 | May 22, 2026 | A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window,… | ||
| CVE-2025-15062 | Hig | 0.51 | 7.8 | 0.00 | Jan 23, 2026 | Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target… | ||
| CVE-2025-60749 | Hig | 0.51 | 7.8 | 0.00 | Oct 31, 2025 | DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe. | ||
| CVE-2025-0994 | 0.18 | — | 0.27 | KEV | Feb 6, 2025 | Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet… | ||
| CVE-2025-0220 | Low | 0.16 | 2.4 | 0.00 | Jan 5, 2025 | A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Hostname leads to cross site scripting. It is possible to initiate the attack… | ||
| CVE-2025-0219 | Low | 0.16 | 2.4 | 0.00 | Jan 5, 2025 | A vulnerability, which was classified as problematic, has been found in Trimble SPS851 488.01. Affected by this issue is some unknown functionality of the component Receiver Status Identity Tab. The manipulation of the argument System Name leads to cross site scripting. The… | ||
| CVE-2013-3663 | 0.03 | — | 0.32 | Jun 13, 2014 | Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP. | |||
| CVE-2013-3664 | 0.02 | — | 0.30 | Jul 1, 2014 | Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete… | |||
| CVE-2013-7388 | 0.01 | — | 0.13 | Jul 1, 2014 | Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different… | |||
| CVE-2025-2024 | 0.00 | — | 0.00 | Mar 7, 2025 | Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that… | |||
| CVE-2024-7511 | 0.00 | — | 0.00 | Nov 22, 2024 | Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this… | |||
| CVE-2024-7510 | 0.00 | — | 0.00 | Nov 22, 2024 | Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target… | |||
| CVE-2024-7509 | 0.00 | — | 0.00 | Nov 22, 2024 | Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in… | |||
| CVE-2024-7508 | 0.00 | — | 0.00 | Nov 22, 2024 | Trimble SketchUp Viewer SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this… | |||
| CVE-2024-9731 | 0.00 | — | 0.00 | Nov 22, 2024 | Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability… | |||
| CVE-2024-9730 | 0.00 | — | 0.00 | Nov 22, 2024 | Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability… | |||
| CVE-2024-9729 | 0.00 | — | 0.00 | Nov 22, 2024 | Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in… | |||
| CVE-2024-9728 | 0.00 | — | 0.00 | Nov 22, 2024 | Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in… | |||
| CVE-2024-9727 | 0.00 | — | 0.00 | Nov 22, 2024 | Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in… |
- risk 0.64cvss 9.8epss 0.01
Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tm_ajax.msw request. If the access code was used to create…
- risk 0.60cvss 9.3epss 0.00
A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window,…
- risk 0.51cvss 7.8epss 0.00
Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target…
- risk 0.51cvss 7.8epss 0.00
DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe.
- risk 0.18cvss —epss 0.27
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet…
- risk 0.16cvss 2.4epss 0.00
A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Hostname leads to cross site scripting. It is possible to initiate the attack…
- risk 0.16cvss 2.4epss 0.00
A vulnerability, which was classified as problematic, has been found in Trimble SPS851 488.01. Affected by this issue is some unknown functionality of the component Receiver Status Identity Tab. The manipulation of the argument System Name leads to cross site scripting. The…
- CVE-2013-3663Jun 13, 2014risk 0.03cvss —epss 0.32
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP.
- CVE-2013-3664Jul 1, 2014risk 0.02cvss —epss 0.30
Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete…
- CVE-2013-7388Jul 1, 2014risk 0.01cvss —epss 0.13
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different…
- CVE-2025-2024Mar 7, 2025risk 0.00cvss —epss 0.00
Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that…
- CVE-2024-7511Nov 22, 2024risk 0.00cvss —epss 0.00
Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this…
- CVE-2024-7510Nov 22, 2024risk 0.00cvss —epss 0.00
Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target…
- CVE-2024-7509Nov 22, 2024risk 0.00cvss —epss 0.00
Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in…
- CVE-2024-7508Nov 22, 2024risk 0.00cvss —epss 0.00
Trimble SketchUp Viewer SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this…
- CVE-2024-9731Nov 22, 2024risk 0.00cvss —epss 0.00
Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability…
- CVE-2024-9730Nov 22, 2024risk 0.00cvss —epss 0.00
Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability…
- CVE-2024-9729Nov 22, 2024risk 0.00cvss —epss 0.00
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in…
- CVE-2024-9728Nov 22, 2024risk 0.00cvss —epss 0.00
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in…
- CVE-2024-9727Nov 22, 2024risk 0.00cvss —epss 0.00
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in…