vtk vtk-dicom vtkDICOMItem::FindDataElementOrInsert heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the vtkDICOMItem::FindDataElementOrInsert functionality of vtk-dicom versions: 9.5.2. A specially crafted DICOM file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

Google Chrome AddGenericPassword infomation overwrite vulnerability

Summary An infomation overwrite vulnerability exists in the AddGenericPassword functionality of Chrome 148.0.7778.216 Mac arm64. A keychain write from a same-user process can overwrite Chrome’s encryption key, leading to disclosure of sensitive information. An attacker can make a specially crafte...

GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability

Summary A memory corruption vulnerability exists in the GV-Cloud functionality of GV-VMS V20 versions: 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability. Confirmed Vulnerable Versions The...

GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerabilities

Summary Multiple exploitable OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GV-I/O Box 4E versions: 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. Confirmed...

GeoVision GV-I/O Box 4E DVRSearch CMD_IP_SET buffer overflow vulnerabilities

Summary Multiple exploitable buffer overflow vulnerabilities exist in the DVRSearch CMDIPSET functionality of GV-I/O Box 4E versions: 2.09. A specially crafted network request can lead to a arbitrary code execution. An attacker can send a network request to trigger these vulnerabilities. Confirme...

Internet Systems Consortium BIND DNSSEC DNSKEY Extended Flags denial of service vulnerability

Summary A denial of service vulnerability exists in the DNSSEC DNSKEY Extended Flags functionality of BIND versions: 9.21.21. A specially crafted mirror domain can lead to a denial of service. An attacker can serve a malicious zone to trigger this vulnerability. Confirmed Vulnerable Versions The...

GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the Web Interface functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability. Confirmed Vulnerable Versions The...

GeoVision LPC2011/LPC2211 Web Interface guessable session cookie vulnerability

Summary A guessable session cookie vulnerability exists in the Web Interface functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability. Confirmed...

GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability. Confirmed Vulnerable Versions The...

GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi reflected cross-site scripting (XSS) vulnerabilities

Summary Multiple exploitable reflected cross-site scripting XSS vulnerabilities exist in the Web Interface / ssi.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to...

GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

Summary A insufficient encryption vulnerability exists in the Device Authentication functionality of GV-IP Device Utility versions: 9.0.5. A specially crafted network sniffing can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. Confirmed...

GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability

Summary A stack overflow vulnerability exists in the WebCam Server Login functionality of GV-VMS V20 versions: 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Confirmed Vulnerable...

GeoVision GV-VMS V20 WebCam Server stack overflow vulnerabilities

Summary Multiple exploitable stack overflow vulnerabilities exist in the WebCam Server functionality of GV-VMS V20 versions: 20.0.2. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities...

GeoVision LPC2011/LPC2211 DdnsSetting.cgi OS command injection vulnerability

Summary A OS command injection vulnerability exists in the DdnsSetting.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability. Confirmed...

MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the LXF parsing functionality of MediaInfoLib versions: 26.01. A specially crafted .lxf file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Confirmed Vulnerable Versions The...

MediaArea MediaInfoLib ID3v2 parsing heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the ID3v2 parsing functionality of MediaInfoLib versions: 26.01. A specially crafted media file that contains ID3v2 tags can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the LXF element parsing functionality of MediaInfoLib versions: 26.01. A specially crafted .lxf file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Confirmed Vulnerable...

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the Channel Splitting functionality of MediaInfoLib versions: 26.01. A specially crafted .riff file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Confirmed Vulnerable...

Tp-Link Archer AX53 v1.0 configuration restore crt.sed vulnerability

Talos Vulnerability Report TALOS-2025-2304 Tp-Link Archer AX53 v1.0 configuration restore crt.sed vulnerability May 7, 2026 CVE Number CVE-2026-30816 SUMMARY An external config control vulnerability exists in the Openvpn configuration restore crt.sed functionality of Tp-Link Archer AX53 v1.0 1.3....

Tp-Link Archer AX53 v1.0 dnsmasq configuration restore dhcpscript OS command injection vulnerability

Talos Vulnerability Report TALOS-2025-2306 Tp-Link Archer AX53 v1.0 dnsmasq configuration restore dhcpscript OS command injection vulnerability May 7, 2026 CVE Number CVE-2026-30818 SUMMARY An os command injection vulnerability exists in the dnsmasq configuration restore dhcpscript functionality ...

Tp-Link AX53 v1.0 tmpServer opcode 0x436 stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2025-2302 Tp-Link AX53 v1.0 tmpServer opcode 0x436 stack-based buffer overflow vulnerability May 7, 2026 CVE Number CVE-2026-30814 SUMMARY A stack-based buffer overflow vulnerability exists in the tmpServer opcode 0x436 functionality of Tp-Link AX53 v1.0 1.3.1 Bui...

Tp-Link Archer AX53 v1.0 Openvpn configuration restore script_security OS command injection vulnerability

Talos Vulnerability Report TALOS-2025-2303 Tp-Link Archer AX53 v1.0 Openvpn configuration restore scriptsecurity OS command injection vulnerability May 7, 2026 CVE Number CVE-2026-30815 SUMMARY An os command injection vulnerability exists in the Openvpn configuration restore scriptsecurity...

Tp-Link Archer AX53 v1.0 Openvpn configuration restore client_connect OS command injection vulnerability

Talos Vulnerability Report TALOS-2025-2308 Tp-Link Archer AX53 v1.0 Openvpn configuration restore clientconnect OS command injection vulnerability May 7, 2026 CVE Number CVE-2026-30815 SUMMARY An os command injection vulnerability exists in the Openvpn configuration restore clientconnect...

Tp-Link Archer AX53 v1.0 Openvpn configuration restore route_up OS command injection vulnerability

Talos Vulnerability Report TALOS-2025-2309 Tp-Link Archer AX53 v1.0 Openvpn configuration restore routeup OS command injection vulnerability May 7, 2026 CVE Number CVE-2026-30815 SUMMARY An os command injection vulnerability exists in the Openvpn configuration restore routeup functionality of...

Tp-Link Archer AX53 v1.0 dnsmasq configuration restore TFTP server enable vulnerability

Talos Vulnerability Report TALOS-2025-2305 Tp-Link Archer AX53 v1.0 dnsmasq configuration restore TFTP server enable vulnerability May 7, 2026 CVE Number CVE-2026-30817 SUMMARY An external config control vulnerability exists in the Openvpn configuration restore routeup functionality of Tp-Link...

Tp-Link Archer AX53 v1.0 Openvpn configuration restore client_disconnect OS command injection vulnerability

Talos Vulnerability Report TALOS-2025-2307 Tp-Link Archer AX53 v1.0 Openvpn configuration restore clientdisconnect OS command injection vulnerability May 7, 2026 CVE Number CVE-2026-30815 SUMMARY An os command injection vulnerability exists in the Openvpn configuration restore clientdisconnect...

Norton Secure VPN Installation Insecure Operation On Junction Privilege Escalation Vulnerability

Talos Vulnerability Report TALOS-2025-2276 Norton Secure VPN Installation Insecure Operation On Junction Privilege Escalation Vulnerability May 4, 2026 CVE Number CVE-2025-58074 SUMMARY A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Stor...

OpenVPN TLS Crypt v2 Client Key Extraction denial of service vulnerability

Talos Vulnerability Report TALOS-2026-2381 OpenVPN TLS Crypt v2 Client Key Extraction denial of service vulnerability April 27, 2026 CVE Number CVE-2026-35058 SUMMARY A reachable assertion vulnerability exists in the TLS Crypt v2 Client Key Extraction functionality of OpenVPN 2.6.x and 2.8git. A...

Adobe Photoshop Installation Privilege Escalation Vulnerability

Talos Vulnerability Report TALOS-2025-2274 Adobe Photoshop Installation Privilege Escalation Vulnerability April 22, 2026 CVE Number CVE-2026-34632 SUMMARY A privilege escalation vulnerability exists during the installation of Adobe Photoshop via the Microsoft Store. The vulnerable version of the...

LibRaw uncompressed_fp_dng_load_raw integer overflow vulnerability

Talos Vulnerability Report TALOS-2026-2363 LibRaw uncompressedfpdngloadraw integer overflow vulnerability April 7, 2026 CVE Number CVE-2026-24450 SUMMARY An integer overflow vulnerability exists in the uncompressedfpdngloadraw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious...

LibRaw HuffTable::initval heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2026-2330 LibRaw HuffTable::initval heap-based buffer overflow vulnerability April 7, 2026 CVE Number CVE-2026-20911 SUMMARY A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A...

LibRaw x3f_load_huffman heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2026-2359 LibRaw x3floadhuffman heap-based buffer overflow vulnerability April 7, 2026 CVE Number CVE-2026-24660 SUMMARY A heap-based buffer overflow vulnerability exists in the x3floadhuffman functionality of LibRaw Commit d20315b. A specially crafted malicious...

LibRaw deflate_dng_load_raw integer overflow vulnerability

Talos Vulnerability Report TALOS-2026-2364 LibRaw deflatedngloadraw integer overflow vulnerability April 7, 2026 CVE Number CVE-2026-20884 SUMMARY An integer overflow vulnerability exists in the deflatedngloadraw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead ...

LibRaw lossless_jpeg_load_raw heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2026-2331 LibRaw losslessjpegloadraw heap-based buffer overflow vulnerability April 7, 2026 CVE Number CVE-2026-21413 SUMMARY A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality of LibRaw Commit 0b56545 and Commit d20315b. A...

LibRaw x3f_thumb_loader heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2026-2358 LibRaw x3fthumbloader heap-based buffer overflow vulnerability April 7, 2026 CVE Number CVE-2026-20889 SUMMARY A heap-based buffer overflow vulnerability exists in the x3fthumbloader functionality of LibRaw Commit d20315b. A specially crafted malicious...

Foxit Reader List Box Calculate Array Use-After-Free Vulnerability

Talos Vulnerability Report TALOS-2026-2365 Foxit Reader List Box Calculate Array Use-After-Free Vulnerability March 31, 2026 CVE Number CVE-2026-3779 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader handles an Array object. A specially crafted JavaScript code inside a malicio...

Hangzhou Hikvision Digital Technology Co., Ltd. Face Recognition Modules SADP XML parsing stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2025-2281 Hangzhou Hikvision Digital Technology Co., Ltd. Face Recognition Modules SADP XML parsing stack-based buffer overflow vulnerability March 18, 2026 CVE Number CVE-2025-66176 SUMMARY A stack-based buffer overflow vulnerability exists in the SADP XML parsin...

Canva Affinity EMF File EMR_BITBLT offBmiSrc Out-Of-Bounds Read Vulnerability

Talos Vulnerability Report TALOS-2025-2311 Canva Affinity EMF File EMRBITBLT offBmiSrc Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-64776 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an...

Canva Affinity EMF File EMR_CREATEDIBPATTERNBRUSHPT DIBHeaderInfo HeaderSize Out-Of-Bounds Write Vulnerability

Talos Vulnerability Report TALOS-2025-2310 Canva Affinity EMF File EMRCREATEDIBPATTERNBRUSHPT DIBHeaderInfo HeaderSize Out-Of-Bounds Write Vulnerability March 17, 2026 CVE Number CVE-2025-64301 SUMMARY An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By usin...

Canva Affinity EMF File EMR_POLYBEZIERTO16 Count Out-Of-Bounds Read Vulnerability

Talos Vulnerability Report TALOS-2025-2324 Canva Affinity EMF File EMRPOLYBEZIERTO16 Count Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2026-20726 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file...

Canva Affinity EMF File EMR_POLYBEZIER Count Out-Of-Bounds Read Vulnerability

Talos Vulnerability Report TALOS-2025-2317 Canva Affinity EMF File EMRPOLYBEZIER Count Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-61952 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an...

Canva Affinity EMF File EMR_POLYBEZIER16 Count Out-Of-Bounds Read Vulnerability

Talos Vulnerability Report TALOS-2025-2316 Canva Affinity EMF File EMRPOLYBEZIER16 Count Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-47873 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, ...

Canva Affinity EMF File EMR_POLYPOLYLINE16 Count Out-Of-Bounds Read Vulnerability

Talos Vulnerability Report TALOS-2025-2315 Canva Affinity EMF File EMRPOLYPOLYLINE16 Count Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-66617 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file...

Canva Affinity EMF File EMR_POLYBEZIERTO Count Out-Of-Bounds Read Vulnerability

Talos Vulnerability Report TALOS-2025-2318 Canva Affinity EMF File EMRPOLYBEZIERTO Count Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-66503 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, ...

Canva Affinity EMF File EMR_POLYGON Count Out-Of-Bounds Read Vulnerability

Talos Vulnerability Report TALOS-2025-2320 Canva Affinity EMF File EMRPOLYGON Count Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-65119 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an...

Canva Affinity EMF File EMR_STRETCHBLT cbBitsSrc Out-Of-Bounds Read Vulnerability

Talos Vulnerability Report TALOS-2025-2313 Canva Affinity EMF File EMRSTRETCHBLT cbBitsSrc Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-66633 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file...

Canva Affinity EMF File EMR_STRETCHBLT offBmiSrc Out-Of-Bounds Read Vulnerability

Talos Vulnerability Report TALOS-2025-2312 Canva Affinity EMF File EMRSTRETCHBLT offBmiSrc Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-64735 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file...

Canva Affinity EMF File EMR_EXTTEXTOUTW offDx Out-Of-Bounds Read Vulnerability

Talos Vulnerability Report TALOS-2025-2314 Canva Affinity EMF File EMREXTTEXTOUTW offDx Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-58427 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, a...

Canva Affinity EMF File EMR_POLYPOLYLINE Count Out-Of-Bounds Read Vulnerability

Talos Vulnerability Report TALOS-2025-2325 Canva Affinity EMF File EMRPOLYPOLYLINE Count Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2026-22882 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, ...

Canva Affinity EMF File EMR_HEADER offDescription Out-Of-Bounds Read Vulnerability

Talos Vulnerability Report TALOS-2025-2299 Canva Affinity EMF File EMRHEADER offDescription Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-61979 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF fil...