EUVD-2025-208798

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-66633

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-58427

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-47873

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-61979

Canva Affinity (EMF functionality) has an out-of-bounds read vulnerability tracked as CVE-2025-61979. Talos documents indicate it affects Canva Affinity 3.0.1.3808 and arise from processing EMF headers (EMR_HEADER) in EMF files, where an offDescription field can be misused to trigger an out-of-bo...

CVE-2025-66000

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-64776

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-64735

CVE-2025-64735 affects Canva Affinity. Talos reports an out-of-bounds read in EMF processing (EMR_STRETCHBLT) where offBmiSrc is not validated, leading to a read of memory outside the mapped bitmap when a crafted EMF is opened. Affected product/version per Talos: Canva Affinity 3.0.1.3808. The vu...

CVE-2025-66633

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-58427

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-62403

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2026-20726

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2026-22882

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

EUVD-2026-12307

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

CVE-2025-69245

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in 1.4.6...

CVE-2025-69245

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in 1.4.6...

CVE-2025-69245 Reflected XSS in Raytha CMS

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in 1.4.6...

CVE-2025-69245 Reflected XSS in Raytha CMS

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in 1.4.6...

CVE-2025-69245

CVE-2025-69245 : Raytha CMS is affected by a reflected XSS via the returnUrl parameter in the logon flow. An attacker can craft a URL that, when opened by an authenticated user, may execute arbitrary JavaScript in the user’s browser. The issue has a fixed version: 1.4.6. The CVSS base score is 5....

CVE-2026-4219

CVE-2026-4219 affects INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to version 1.0.2 on Android. The vulnerability concerns the file com/index/event/BuildConfig.java of the ae.index.apgcs component, where manipulating the arguments ACCESS_KEY and HASH_KEY can reveal hard-code...