PatchSiren

Dassault Systèmes CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Dassault Systèmes CVE published 2026-06-01

CVE-2026-9024

A stored cross-site scripting (XSS) vulnerability in DELMIA Service Process Engineer affects the Process Experience Studio component across 3DEXPERIENCE R2024x through R2026x. The flaw, rated 8.7 (High) under CVSS 3.1, could allow an authenticated attacker with low privileges to execute arbitrary script code in a victim's browser session. The attack requires user interaction and has a changed scope (S:C), with [truncated]

CRITICAL Dassault Systèmes CVE published 2026-06-01

CVE-2026-7858

A critical deserialization vulnerability in Dassault Systèmes' Teamwork Cloud and Magic Collaboration Studio products enables unauthenticated remote code execution. The flaw stems from unsafe deserialization of untrusted data (CWE-502) across multiple product releases from 2022x through 2026x. The CVSS 3.1 score of 9.8 reflects network attack vector, low complexity, no privileges required, and no user int [truncated]

HIGH Dassault Systèmes CVE published 2026-03-16

CVE-2026-3476

CVE-2026-3476 is a code injection vulnerability in SOLIDWORKS Desktop from Release 2025 through Release 2026. An attacker could execute arbitrary code on the user's machine when the user opens a specially crafted file. The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity.

Known exploited Dassault Systèmes CVE published 2025-10-28

CVE-2025-6205

CVE-2025-6205 is a missing-authorization vulnerability in Dassault Systèmes DELMIA Apriso that CISA added to its Known Exploited Vulnerabilities catalog on 2025-10-28. Because CISA classifies it as known exploited, defenders should treat it as an active risk rather than a theoretical issue. CISA’s guidance is to apply vendor mitigations, follow BOD 22-01 guidance for cloud services when applicable, or dis [truncated]

Known exploited Dassault Systèmes CVE published 2025-10-28

CVE-2025-6204

CVE-2025-6204 affects Dassault Systèmes DELMIA Apriso and is described by CISA as a code injection vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-10-28, which makes it a high-priority issue for defenders. Organizations running DELMIA Apriso should review the vendor’s advisory and apply any available mitigations as soon as possible, or discontinue use if mitigations are [truncated]

Known exploited Dassault Systèmes CVE published 2025-09-11

CVE-2025-5086

CVE-2025-5086 is a Dassault Systèmes DELMIA Apriso deserialization of untrusted data vulnerability that CISA has added to its Known Exploited Vulnerabilities catalog. That KEV listing means CISA considers the issue actively exploited or otherwise confirmed as exploited. The supplied corpus does not include affected versions, CVSS scoring, or patch build details, so defenders should use the vendor’s securi [truncated]