120525 matches found
Tp-Link AX53 v1.0 tmpServer opcode 0x643 stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2287 Tp-Link AX53 v1.0 tmpServer opcode 0x643 stack-based buffer overflow vulnerability March 16, 2026 CVE Number CVE-2025-62404 SUMMARY A stack-based buffer overflow vulnerability exists in the tmpServer opcode 0x643 functionality of Tp-Link AX53 v1.0 1.3.1...
PT-2026-25625
in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios...
CVE-2025-69784
A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...
CVE-2025-69809
A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet...
PT-2026-25776
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
CVE-2025-65734
An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading a crafted SVG file...
PT-2026-25623
in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios...
KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of...
arduino-TuyaOpen 安全漏洞
Arduino-TuyaOpen is an IoT development framework based on Arduino, open-sourced by Tuya. Versions of Arduino-TuyaOpen prior to 1.2.1 contained security vulnerabilities. These vulnerabilities stemmed from a single-byte buffer overflow in the WiFiMulti component, which could allow for the execution...
Tp-Link AX53 v1.0 tmpServer opcode 0x1003 stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2289 Tp-Link AX53 v1.0 tmpServer opcode 0x1003 stack-based buffer overflow vulnerability March 16, 2026 CVE Number CVE-2025-58455 SUMMARY A stack-based buffer overflow vulnerability exists in the tmpServer opcode 0x1003 functionality of Tp-Link AX53 v1.0 1.3....
Tp-Link AX53 v1.0 tmpServer opcode 0x429 stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2284 Tp-Link AX53 v1.0 tmpServer opcode 0x429 stack-based buffer overflow vulnerability March 16, 2026 CVE Number CVE-2025-62405 SUMMARY A stack-based buffer overflow vulnerability exists in the tmpServer SmartNetSetClientList functionality of Tp-Link AX53 v1...
CVE-2026-28520
arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute arbitrary code on the affected embedded device...
KLA90942 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Out of bounds write vulnerability in Skia can be exploited to cause denial of service. 2. Inappropria...
CLSA-2026-1773505564 vim: Fix of CVE-2026-26269
CVE-2026-26269: fix stack-based buffer overflow in NetBeans integration that could lead to a crash or arbitrary code execution via a malicious server...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the handling of coordinates due to insufficient validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can achieve arbitrary code execution by enticing a use...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the processing of APS units due to insufficient validation of user-supplied data. An attacker can achieve arbitrary code execution by providing crafted input that triggers a write past the end of an allocated buff...
EUVD-2026-12037
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...
EUVD-2026-12041
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...
EUVD-2026-12039
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...
CVE-2026-32719
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts i...