301 matches found
CVE-2025-53007
arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...
CVE-2025-53007 arduino-esp32 vulnerable to CRLF injection in WebServer.cpp
arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...
CVE-2025-53007 arduino-esp32 vulnerable to CRLF injection in WebServer.cpp
arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...
CVE-2025-53007
Arduino-ESP32 (Arduino core for ESP32) prior to 3.3.0-RC1 and 3.2.1 is affected by an HTTP Response Splitting vulnerability in WebServer.cpp: the sendHeader function accepts unvalidated header name/value, enabling CRLF injection to add headers or disrupt the HTTP response. Impact can include head...
CVE-2025-53007 arduino-esp32 vulnerable to CRLF injection in WebServer.cpp
arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...
PT-2025-26980 · Arduino · Arduino-Esp32
Name of the Vulnerable Software and Affected Versions: arduino-esp32 versions prior to 3.3.0-RC1 and 3.2.1 Description: The issue concerns a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP head...
arduino-esp32 注入漏洞
arduino-esp32 is an Espressif open source Arduino kernel for ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2. An injection vulnerability exists in arduino-esp32 versions prior to 3.3.0-RC1 and 3.2.1, which stems from an HTTP response splitting vulnerability in the sendHeader function...
CVE-2024-45798
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...
CVE-2023-43802
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...
CVE-2019-13991
Embedded systems based on Arduino before Rev3 allow remote attackers to send data to LEDs directly connected to GPIO pins via a laser, because of LED photosensitivity...
MAL-2025-3983 Malicious code in arduino-mock (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d38c56c0dc9db93761b7dd740096864d883277825e27bba160aa0734be2c6b30 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in arduino-mock (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d38c56c0dc9db93761b7dd740096864d883277825e27bba160aa0734be2c6b30 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mock-arduino (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 48d73b70939f251f17499370180f9ead09a5ee724078cbec4a11fe29a9a9f02b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-27608
Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting XSS vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the...
CVE-2025-27608
Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting XSS vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the...
CVE-2025-27608 Self Cross-Site Scripting in Arduino IDE
Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting XSS vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the...
CVE-2025-27608 Self Cross-Site Scripting in Arduino IDE
Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting XSS vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the...
CVE-2025-27608
Arduino IDE 2.x (Electron-based Theia-derived IDE) contains a Self-XSS vulnerability in the Additional Board Manager URLs field found under Preferences → Settings. In vulnerable releases prior to 2.3.5, input in this field is displayed to users via a notification tooltip without proper output enc...
CVE-2025-27608 Self Cross-Site Scripting in Arduino IDE
Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting XSS vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the...
Arduino IDE 跨站脚本漏洞
Arduino IDE is an Arduino open source development tool. A cross-site scripting vulnerability exists in Arduino IDE versions prior to 2.3.5, which stems from a self-cross-site scripting vulnerability in the Additional Board Manager URLs field...