Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-7042

Summary
Assigner-3DS
Assigner Org ID-f5a594e6-46a7-4e60-8a08-0a786e70e433
Published At-15 Jul, 2025 | 15:04
Updated At-15 Jul, 2025 | 15:18
Rejected At-
Credits

Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:3DS
Assigner Org ID:f5a594e6-46a7-4e60-8a08-0a786e70e433
Published At:15 Jul, 2025 | 15:04
Updated At:15 Jul, 2025 | 15:18
Rejected At:
▼CVE Numbering Authority (CNA)
Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file.

Affected Products
Vendor
Dassault Systèmes S.E. (3DS)Dassault Systèmes
Product
SOLIDWORKS eDrawings
Default Status
unaffected
Versions
Affected
  • From Release SOLIDWORKS Desktop 2025 SP0 through Release SOLIDWORKS Desktop 2025 SP2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.3ds.com/trust-center/security/security-advisories/cve-2025-7042
N/A
Hyperlink: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-7042
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:3DS.Information-Security@3ds.com
Published At:15 Jul, 2025 | 15:15
Updated At:15 Jul, 2025 | 20:07

Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-416Secondary3DS.Information-Security@3ds.com
CWE ID: CWE-416
Type: Secondary
Source: 3DS.Information-Security@3ds.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.3ds.com/trust-center/security/security-advisories/cve-2025-70423DS.Information-Security@3ds.com
N/A
Hyperlink: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-7042
Source: 3DS.Information-Security@3ds.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

785Records found
CVE-2024-3299
Matching Score-10
Assigner-Dassault Systèmes
ShareView Details
Matching Score-10
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.69%
||
7 Day CHG~0.00%
Published-04 Apr, 2024 | 15:13
Updated-01 Aug, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free vulnerabilities exist in the SLDDRW and SLDPRT file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024

Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted SLDDRW or SLDPRT file. NOTE: this vulnerability was SPLIT from CVE-2024-1847.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-eDrawingsedrawings
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-1848
Matching Score-10
Assigner-Dassault Systèmes
ShareView Details
Matching Score-10
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.63%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 10:58
Updated-02 Sep, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities exist in file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-SOLIDWORKS Desktop3dexperience_solidworks
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-416
Use After Free
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-1847
Matching Score-10
Assigner-Dassault Systèmes
ShareView Details
Matching Score-10
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.79%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 17:34
Updated-02 Sep, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities exist in file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-eDrawingsedrawings
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-416
Use After Free
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2023-2763
Matching Score-10
Assigner-Dassault Systèmes
ShareView Details
Matching Score-10
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.28%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 07:05
Updated-05 Sep, 2024 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023

Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-3dexperience_solidworksSOLIDWORKS Desktop
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-2762
Matching Score-10
Assigner-Dassault Systèmes
ShareView Details
Matching Score-10
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.94%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 07:05
Updated-07 Nov, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-After-Free vulnerability in SLDPRT file reading procedure affecting SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023

A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-3dexperience_solidworksSOLIDWORKS Desktop
CWE ID-CWE-416
Use After Free
CVE-2025-9449
Matching Score-10
Assigner-Dassault Systèmes
ShareView Details
Matching Score-10
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.12%
||
7 Day CHG-0.02%
Published-17 Sep, 2025 | 06:13
Updated-17 Sep, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-SOLIDWORKS eDrawings
CWE ID-CWE-416
Use After Free
CVE-2025-6971
Matching Score-10
Assigner-Dassault Systèmes
ShareView Details
Matching Score-10
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 15:02
Updated-15 Jul, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-SOLIDWORKS eDrawings
CWE ID-CWE-416
Use After Free
CVE-2025-6973
Matching Score-10
Assigner-Dassault Systèmes
ShareView Details
Matching Score-10
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 15:03
Updated-15 Jul, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-SOLIDWORKS eDrawings
CWE ID-CWE-416
Use After Free
CVE-2025-6972
Matching Score-10
Assigner-Dassault Systèmes
ShareView Details
Matching Score-10
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 15:02
Updated-15 Jul, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-SOLIDWORKS eDrawings
CWE ID-CWE-416
Use After Free
CVE-2025-1884
Matching Score-10
Assigner-Dassault Systèmes
ShareView Details
Matching Score-10
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-02 May, 2025 | 15:03
Updated-05 May, 2025 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-After-Free vulnerability exists in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

Use-After-Free vulnerability exists in the SLDPRT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-SOLIDWORKS eDrawings
CWE ID-CWE-416
Use After Free
CVE-2026-1283
Matching Score-8
Assigner-Dassault Systèmes
ShareView Details
Matching Score-8
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.32%
||
7 Day CHG~0.00%
Published-26 Jan, 2026 | 13:25
Updated-03 Feb, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026

A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-SOLIDWORKS eDrawings
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-1284
Matching Score-8
Assigner-Dassault Systèmes
ShareView Details
Matching Score-8
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.52%
||
7 Day CHG~0.00%
Published-26 Jan, 2026 | 13:25
Updated-03 Feb, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-SOLIDWORKS eDrawings
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-3298
Matching Score-8
Assigner-Dassault Systèmes
ShareView Details
Matching Score-8
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.01%
||
7 Day CHG~0.00%
Published-04 Apr, 2024 | 15:11
Updated-01 Aug, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the DWG and DXF file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024

Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF. NOTE: this vulnerability was SPLIT from CVE-2024-1847.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-eDrawingsedrawings
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-9450
Matching Score-8
Assigner-Dassault Systèmes
ShareView Details
Matching Score-8
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.12%
||
7 Day CHG-0.02%
Published-17 Sep, 2025 | 06:13
Updated-17 Sep, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-SOLIDWORKS eDrawings
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2024-10204
Matching Score-8
Assigner-Dassault Systèmes
ShareView Details
Matching Score-8
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.04%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 13:15
Updated-19 Nov, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025

Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the X_B and SAT file reading procedure in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-eDrawingsedrawings
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-9447
Matching Score-8
Assigner-Dassault Systèmes
ShareView Details
Matching Score-8
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.12%
||
7 Day CHG-0.02%
Published-17 Sep, 2025 | 06:12
Updated-17 Sep, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-Of-Bounds Read affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

An Out-Of-Bounds Read vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-SOLIDWORKS eDrawings
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-6974
Matching Score-8
Assigner-Dassault Systèmes
ShareView Details
Matching Score-8
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 15:04
Updated-15 Jul, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-SOLIDWORKS eDrawings
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2025-1883
Matching Score-8
Assigner-Dassault Systèmes
ShareView Details
Matching Score-8
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-02 May, 2025 | 15:03
Updated-05 May, 2025 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-Of-Bounds Write vulnerability exists in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

Out-Of-Bounds Write vulnerability exists in the OBJ file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted OBJ file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-SOLIDWORKS eDrawings
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-0831
Matching Score-8
Assigner-Dassault Systèmes
ShareView Details
Matching Score-8
Assigner-Dassault Systèmes
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 15:00
Updated-15 Jul, 2025 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-SOLIDWORKS eDrawings
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-28641
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.52% / 87.36%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16390.

Action-Not Available
Vendor-Bentley Systems, Incorporated
Product-microstationviewMicroStation CONNECT
CWE ID-CWE-416
Use After Free
CVE-2022-28835
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.15%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 13:06
Updated-27 Feb, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InCopy Font Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-incopywindowsmacosInCopy
CWE ID-CWE-416
Use After Free
CVE-2022-2889
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.61%
||
7 Day CHG~0.00%
Published-19 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in vim/vim

Use After Free in GitHub repository vim/vim prior to 9.0.0225.

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim/vim
CWE ID-CWE-416
Use After Free
CVE-2022-2946
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.79%
||
7 Day CHG~0.00%
Published-23 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 00:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in vim/vim

Use After Free in GitHub repository vim/vim prior to 9.0.0246.

Action-Not Available
Vendor-Fedora ProjectVimDebian GNU/Linux
Product-vimdebian_linuxfedoravim/vim
CWE ID-CWE-416
Use After Free
CVE-2022-28680
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.94%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 18:42
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16821.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorwindowsPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2022-28675
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.81%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 18:41
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16642.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorwindowspdf_readerPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2022-2896
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.66%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 20:54
Updated-16 Apr, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Measuresoft ScadaPro Server Use After Free

Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file.

Action-Not Available
Vendor-measuresoftMeasuresoft
Product-scadapro_serverScadaPro Server
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-416
Use After Free
CVE-2022-28674
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.81%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 18:41
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16644.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorwindowspdf_readerPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2022-28677
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.81%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 18:41
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16663.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorwindowspdf_readerPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2022-28671
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.81%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 18:41
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16639.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorwindowspdf_readerPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2022-28678
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.94%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 18:41
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16805.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorwindowspdf_readerPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2018-10756
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.38% / 84.68%
||
7 Day CHG~0.00%
Published-15 May, 2020 | 15:56
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.

Action-Not Available
Vendor-transmissionbtn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedoratransmissionn/a
CWE ID-CWE-416
Use After Free
CVE-2022-28849
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-22.45% / 95.69%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 19:29
Updated-23 Apr, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge Font Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsbridgemacosBridge
CWE ID-CWE-416
Use After Free
CVE-2024-49530
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.62%
||
7 Day CHG-0.02%
Published-10 Dec, 2024 | 19:54
Updated-21 Jan, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader | Use After Free (CWE-416)

Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-acrobat_readeracrobatacrobat_reader_dcacrobat_dcAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2022-28672
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-22.02% / 95.64%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 18:41
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16640.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorwindowspdf_readerPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2024-47418
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.71%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 09:26
Updated-10 Oct, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Animate | Use After Free (CWE-416)

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsanimatemacosAnimateanimate
CWE ID-CWE-416
Use After Free
CVE-2024-47413
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.71%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 09:26
Updated-10 Oct, 2024 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Animate | Use After Free (CWE-416)

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsanimatemacosAnimateanimate
CWE ID-CWE-416
Use After Free
CVE-2020-6115
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.01% / 1.39%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 12:19
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save a reference to the object’s cross-reference table entry inside a stack variable. If the referenced object identifier is not found, the application may resize the cross-reference table which can change the scope of its entry. Later when the application tries to reference cross-reference entry via the stack variable, the application will access memory belonging to the recently freed table causing a use-after-free condition. A specially crafted document can be delivered by an attacker and loaded by a victim in order to trigger this vulnerability.

Action-Not Available
Vendor-gonitron/a
Product-nitro_proNitro Pro
CWE ID-CWE-416
Use After Free
CVE-2024-49021
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.89% / 75.02%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:54
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Remote Code Execution Vulnerability

Microsoft SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2016sql_server_2019sql_server_2022sql_server_2017Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2017 (CU 31)Microsoft SQL Server 2019 (CU 29)Microsoft SQL Server 2022 for (CU 15)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2022 (GDR)
CWE ID-CWE-416
Use After Free
CVE-2024-49027
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.80% / 73.60%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:54
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_long_term_servicing_channel365_appsofficeMicrosoft Excel 2016Microsoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2021
CWE ID-CWE-416
Use After Free
CVE-2024-49142
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 65.85%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Access Remote Code Execution Vulnerability

Microsoft Access Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-officeaccess365_appsoffice_long_term_servicing_channelMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Access 2016 (64-bit edition)Microsoft Office 2019Microsoft Office LTSC 2024Microsoft Access 2016 (32-bit edition)
CWE ID-CWE-416
Use After Free
CVE-2024-49032
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.89% / 75.02%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:54
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft Office 2016Microsoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2021
CWE ID-CWE-416
Use After Free
CVE-2023-28285
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.57% / 81.21%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-28 Feb, 2025 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2019 for MacMicrosoft Office LTSC for Mac 2021
CWE ID-CWE-416
Use After Free
CVE-2024-49526
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.29% / 52.09%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 16:14
Updated-18 Nov, 2024 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Animate | Use After Free (CWE-416)

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsanimatemacosAnimateanimate
CWE ID-CWE-416
Use After Free
CVE-2022-28242
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.27% / 84.33%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:37
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2024-49079
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.55% / 67.25%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Input Method Editor (IME) Remote Code Execution Vulnerability

Input Method Editor (IME) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_24h2windows_server_2025windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 10 Version 22H2Windows Server 2012Windows 10 Version 1809Windows 11 version 22H3Windows 11 Version 23H2Windows 10 Version 1607Windows Server 2016Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows Server 2022Windows 11 version 22H2Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2022-28303
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.57% / 85.22%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16280.

Action-Not Available
Vendor-Bentley Systems, Incorporated
Product-microstationviewView
CWE ID-CWE-416
Use After Free
CVE-2024-45146
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.71%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 08:51
Updated-18 Oct, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dimension | Use After Free (CWE-416)

Dimension versions 4.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsdimensionmacosDimensiondimension
CWE ID-CWE-416
Use After Free
CVE-2024-43758
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.90%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 08:37
Updated-13 Sep, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Use After Free (CWE-416)

Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosillustratorIllustratorillustrator
CWE ID-CWE-416
Use After Free
CVE-2024-43504
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-12.88% / 93.88%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_long_term_servicing_channel365_appsofficeMicrosoft Excel 2016Microsoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC 2024
CWE ID-CWE-416
Use After Free
CVE-2024-49069
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.15%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_long_term_servicing_channel365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Excel 2016Microsoft Office 2019Microsoft Office LTSC for Mac 2024Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2024
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 15
  • 16
  • Next
Details not found