PT-2026-25703

Name of the Vulnerable Software and Affected Versions SOLIDWORKS Desktop versions 2025 through 2026 Description A code injection issue exists in SOLIDWORKS Desktop. Successful exploitation while opening a specially crafted file could allow an attacker to execute arbitrary code on the user's...

Tp-Link AX53 v1.0 tmpServer opcode 0x429 stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2025-2284 Tp-Link AX53 v1.0 tmpServer opcode 0x429 stack-based buffer overflow vulnerability March 16, 2026 CVE Number CVE-2025-62405 SUMMARY A stack-based buffer overflow vulnerability exists in the tmpServer SmartNetSetClientList functionality of Tp-Link AX53 v1...

Tp-Link AX53 v1.0 tmpServer opcode 0x441 Write-What-Where vulnerability

Talos Vulnerability Report TALOS-2025-2285 Tp-Link AX53 v1.0 tmpServer opcode 0x441 Write-What-Where vulnerability March 16, 2026 CVE Number CVE-2025-59487 SUMMARY A write-what-where vulnerability exists in the tmpServer opcode 0x441 functionality of Tp-Link AX53 v1.0 1.3.1 Build 20241120...

Tp-Link AX53 v1.0 tmpServer opcode 0xe01 out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2025-2288 Tp-Link AX53 v1.0 tmpServer opcode 0xe01 out-of-bounds write vulnerability March 16, 2026 CVE Number CVE-2025-61944 SUMMARY An out-of-bounds write vulnerability exists in the tmpServer opcode 0xe01 functionality of Tp-Link AX53 v1.0 1.3.1 Build 20241120...

Tp-Link AX53 v1.0 tmpServer opcode 0x1003 stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2025-2289 Tp-Link AX53 v1.0 tmpServer opcode 0x1003 stack-based buffer overflow vulnerability March 16, 2026 CVE Number CVE-2025-58455 SUMMARY A stack-based buffer overflow vulnerability exists in the tmpServer opcode 0x1003 functionality of Tp-Link AX53 v1.0 1.3....

Tp-Link AX53 v1.0 tmpServer opcode 0x643 stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2025-2287 Tp-Link AX53 v1.0 tmpServer opcode 0x643 stack-based buffer overflow vulnerability March 16, 2026 CVE Number CVE-2025-62404 SUMMARY A stack-based buffer overflow vulnerability exists in the tmpServer opcode 0x643 functionality of Tp-Link AX53 v1.0 1.3.1...

CVE-2026-28520

arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute arbitrary code on the affected embedded device...

KLA90942 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Out of bounds write vulnerability in Skia can be exploited to cause denial of service. 2. Inappropria...

[SECURITY] [DLA 4500-1] gimp security updat

------------------------------------------------------------------------- Debian LTS Advisory DLA-4500-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz March 14, 2026 https://wiki.debian.org/LTS -...

CLSA-2026-1773505564 vim: Fix of CVE-2026-26269

CVE-2026-26269: fix stack-based buffer overflow in NetBeans integration that could lead to a crash or arbitrary code execution via a malicious server...

Arbitrary Code Injection

Craft CMS is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe use of unsandboxed Twig rendering with user-controlled input in the conditions system, which allows an attacker to execute arbitrary code through crafted condition rules...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the handling of coordinates due to insufficient validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can achieve arbitrary code execution by enticing a use...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the processing of APS units due to insufficient validation of user-supplied data. An attacker can achieve arbitrary code execution by providing crafted input that triggers a write past the end of an allocated buff...

EUVD-2026-12037

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

EUVD-2026-12039

There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

EUVD-2026-12041

There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

EUVD-2026-12177

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts i...

CVE-2026-32719

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts i...

GHSA-99QW-6MR3-36QR OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories

Summary OpenClaw automatically discovered and loaded plugins from .openclaw/extensions/ inside the current workspace without an explicit trust or install step. A malicious repository could include a crafted workspace plugin that executed as soon as a user ran OpenClaw from that cloned directory...

Unsafe Dependency Resolution

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic plugin discovery in .openclaw/extensions/. An attacker can execute arbitrary code by including a malicious plugin in a cloned repository,...