2224 matches found
Wavlink AC3000 nas.cgi add_dir() Directory Traversal Vulnerabilities
Talos Vulnerability Report TALOS-2024-2057 Wavlink AC3000 nas.cgi adddir Directory Traversal Vulnerabilities January 14, 2025 CVE Number CVE-2024-39786,CVE-2024-39787 SUMMARY Multiple directory traversal vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.21050...
NVIDIA D3D10 Driver Shader Functionality SAMPLE out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1955 NVIDIA D3D10 Driver Shader Functionality SAMPLE out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0121 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality SAMPLE instruction of NVIDIA D3D10 Driver NVIDIA D3D...
LevelOne WBR-6013 telnetd hard-coded password vulnerability
Talos Vulnerability Report TALOS-2023-1871 LevelOne WBR-6013 telnetd hard-coded password vulnerability July 8, 2024 CVE Number CVE-2023-46685 SUMMARY A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A set of specially crafted...
WWBN AVideo image404Raw.php information disclosure vulnerability
Talos Vulnerability Report TALOS-2023-1881 WWBN AVideo image404Raw.php information disclosure vulnerability January 10, 2024 CVE Number CVE-2023-49738 SUMMARY An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A special...
WWBN AVideo userRecoverPass.php captcha validation recovery notification bypass vulnerability
Talos Vulnerability Report TALOS-2023-1897 WWBN AVideo userRecoverPass.php captcha validation recovery notification bypass vulnerability January 10, 2024 CVE Number CVE-2023-50172 SUMMARY A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionali...
Apple DCERPC allocation hint uninitialized memory disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1675 Apple DCERPC allocation hint uninitialized memory disclosure vulnerability July 13, 2023 CVE Number None SUMMARY An information disclosure vulnerability exists in the call fault reporting functionality of DCERPC library as used in Apple macOS 12.6.1 that...
Adobe Acrobat Reader Font numGlyphs Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2136 Adobe Acrobat Reader Font numGlyphs Out-Of-Bounds Read Vulnerability March 12, 2025 CVE Number CVE-2025-27164 SUMMARY An out-of-bounds read vulnerability exists in the Font functionality of Adobe Acrobat Reader 2024.005.20320. A specially crafted font fi...
Observium mapname cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2024-2092 Observium mapname cross-site scripting XSS vulnerability January 15, 2025 CVE Number CVE-2024-45061 SUMMARY A cross-site scripting xss vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP reque...
Wavlink AC3000 qos.cgi qos_sta_settings() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2048 Wavlink AC3000 qos.cgi qosstasettings buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39299 SUMMARY A buffer overflow vulnerability exists in the qos.cgi qosstasettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially...
Wavlink AC3000 update_filter_url.sh argument injection vulnerability
Talos Vulnerability Report TALOS-2024-2038 Wavlink AC3000 updatefilterurl.sh argument injection vulnerability January 14, 2025 CVE Number CVE-2024-39604 SUMMARY A command execution vulnerability exists in the updatefilterurl.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially craft...
LevelOne WBR-6012 Web Application denial of service vulnerability
Talos Vulnerability Report TALOS-2024-2001 LevelOne WBR-6012 Web Application denial of service vulnerability October 30, 2024 CVE Number CVE-2024-33623 SUMMARY A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP...
NVIDIA D3D10 Driver Shader Functionality STORE_STRUCTURED instruction out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-2014 NVIDIA D3D10 Driver Shader Functionality STORESTRUCTURED instruction out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0120 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D10...
NVIDIA D3D10 Driver Shader Functionality LD instruction out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-2012 NVIDIA D3D10 Driver Shader Functionality LD instruction out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0117 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D10 Driver 555.99,...
Foxit Reader checkbox Calculate use-after-free vulnerability
Talos Vulnerability Report TALOS-2024-1967 Foxit Reader checkbox Calculate use-after-free vulnerability October 2, 2024 CVE Number CVE-2024-28888 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript co...
JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser integer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1808 JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser integer overflow vulnerability October 19, 2023 CVE Number CVE-2023-38127 SUMMARY An integer overflow exists in the “HyperLinkFrame” stream parser of Ichitaro 2023 1.0.1.59372. A specially craft...
Microsoft Azure Sphere Security Monitor SMSyscallCommitImageStaging 1BL firmware downgrade vulnerability
Summary A firmware downgrade vulnerability exists in the Security Monitor SMSyscallCommitImageStaging 1BL functionality of Microsoft Azure Sphere 21.01. A specially-crafted set of Secmon syscalls can lead to downgrading the version of the 1BL firmware. An attacker can use syscalls to trigger this...
NVIDIA cuobjdump DWARF debug abbreviations parsing arbitrary code execution vulnerability
Talos Vulnerability Report TALOS-2025-2155 NVIDIA cuobjdump DWARF debug abbreviations parsing arbitrary code execution vulnerability September 24, 2025 CVE Number CVE-2025-23339 SUMMARY An arbitrary code execution vulnerability exists in the DWARF parsing functionality of NVIDIA cuobjdump 12.8.55...
Wavlink AC3000 adm.cgi set_MeshAp() arbitrary code execution vulnerability
Talos Vulnerability Report TALOS-2024-2031 Wavlink AC3000 adm.cgi setMeshAp arbitrary code execution vulnerability January 14, 2025 CVE Number CVE-2024-39370 SUMMARY An arbitrary code execution vulnerability exists in the adm.cgi setMeshAp functionality of Wavlink AC3000 M33A8.V5030.210505. A...
Wavlink AC3000 adm.cgi set_ledonoff() OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-2032 Wavlink AC3000 adm.cgi setledonoff OS command injection vulnerability January 14, 2025 CVE Number CVE-2024-37186 SUMMARY An os command injection vulnerability exists in the adm.cgi setledonoff functionality of Wavlink AC3000 M33A8.V5030.210505. A special...
OFFIS DCMTK determineMinMax improper array index validation vulnerability
Talos Vulnerability Report TALOS-2024-2121 OFFIS DCMTK determineMinMax improper array index validation vulnerability January 13, 2025 CVE Number CVE-2024-52333 SUMMARY An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially...
NVIDIA D3D10 Driver Shader Functionality MOV instruction out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-2015 NVIDIA D3D10 Driver Shader Functionality MOV instruction out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0119 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D10 Driver 555.99...
Reolink RLC-410W device TestEmail out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Reolink...
Microsoft Azure Sphere Security Monitor SMSyscallCommitImageStaging stage-without-manifest denial of service vulnerability
Summary A denial of service vulnerability exists in the Security Monitor SMSyscallCommitImageStaging stage-without-manifest functionality of Microsoft Azure Sphere 21.01. A specially crafted image package can lead to boot looping, requiring manual recovery. An attacker can flash a malicious image...
Tp-Link Archer AX53 v1.0 dnsmasq configuration restore TFTP server enable vulnerability
Talos Vulnerability Report TALOS-2025-2305 Tp-Link Archer AX53 v1.0 dnsmasq configuration restore TFTP server enable vulnerability May 7, 2026 CVE Number CVE-2026-30817 SUMMARY An external config control vulnerability exists in the Openvpn configuration restore routeup functionality of Tp-Link...
Hangzhou Hikvision Digital Technology Co., Ltd. Face Recognition Modules SADP XML parsing stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2281 Hangzhou Hikvision Digital Technology Co., Ltd. Face Recognition Modules SADP XML parsing stack-based buffer overflow vulnerability March 18, 2026 CVE Number CVE-2025-66176 SUMMARY A stack-based buffer overflow vulnerability exists in the SADP XML parsin...
Parallels Desktop prl_disp_service Snapshots SymLink Change Ownership Privilege Escalation
Talos Vulnerability Report TALOS-2024-2123 Parallels Desktop prldispservice Snapshots SymLink Change Ownership Privilege Escalation June 3, 2025 CVE Number CVE-2024-52561 SUMMARY A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1...
Observium add_alert_check cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2024-2090 Observium addalertcheck cross-site scripting XSS vulnerability January 15, 2025 CVE Number CVE-2024-47140 SUMMARY A cross-site scripting xss vulnerability exists in the addalertcheck page of Observium CE 24.4.13528. A specially crafted HTTP request can...
Wavlink AC3000 touchlist_sync.cgi main() arbitrary code execution vulnerability
Talos Vulnerability Report TALOS-2024-1999 Wavlink AC3000 touchlistsync.cgi main arbitrary code execution vulnerability January 14, 2025 CVE Number CVE-2022-2488 SUMMARY An arbitrary code execution vulnerability exists in the touchlistsync.cgi main functionality of Wavlink AC3000...
Wavlink AC3000 wctrls static login vulnerability
Talos Vulnerability Report TALOS-2024-2034 Wavlink AC3000 wctrls static login vulnerability January 14, 2025 CVE Number CVE-2024-39754 SUMMARY A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead ...
Wavlink AC3000 adm.cgi set_TR069() command injection vulnerability
Talos Vulnerability Report TALOS-2024-2028 Wavlink AC3000 adm.cgi setTR069 command injection vulnerability January 14, 2025 CVE Number CVE-2024-21797 SUMMARY A command execution vulnerability exists in the adm.cgi setTR069 functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HT...
LevelOne WBR-6012 FTP improper input validation vulnerability
Talos Vulnerability Report TALOS-2024-1998 LevelOne WBR-6012 FTP improper input validation vulnerability October 30, 2024 CVE Number CVE-2024-33700 SUMMARY The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers...
Pidgin libpurple MSN Message Parsing NULL Dereference Denial of Service Vulnerability
Talos Vulnerability Report VRT-2014-0201 Pidgin libpurple MSN Message Parsing NULL Dereference Denial of Service Vulnerability May 11, 2015 Description A exploitable denial of service vulnerability exists in Pidgin’s implem ntation of the MSN Messenger protocol in the libpurple library. An attack...
Google Chrome AddGenericPassword infomation overwrite vulnerability
Summary An infomation overwrite vulnerability exists in the AddGenericPassword functionality of Chrome 148.0.7778.216 Mac arm64. A keychain write from a same-user process can overwrite Chrome’s encryption key, leading to disclosure of sensitive information. An attacker can make a specially crafte...
OpenVPN TLS Crypt v2 Client Key Extraction denial of service vulnerability
Talos Vulnerability Report TALOS-2026-2381 OpenVPN TLS Crypt v2 Client Key Extraction denial of service vulnerability April 27, 2026 CVE Number CVE-2026-35058 SUMMARY A reachable assertion vulnerability exists in the TLS Crypt v2 Client Key Extraction functionality of OpenVPN 2.6.x and 2.8git. A...
Dell ControlVault3 cv_close arbitrary free vulnerability
Talos Vulnerability Report TALOS-2024-2129 Dell ControlVault3 cvclose arbitrary free vulnerability August 9, 2025 CVE Number CVE-2025-25215 SUMMARY An arbitrary free vulnerability exists in the cvclose functionality of Dell ControlVault3 5.14.3.0. A specially crafted ControlVault API call can lea...
STMicroelectronics X-CUBE-AZRTOS-F7 HTTP server single PUT request integer underflow vulnerability
Talos Vulnerability Report TALOS-2024-2103 STMicroelectronics X-CUBE-AZRTOS-F7 HTTP server single PUT request integer underflow vulnerability April 2, 2025 CVE Number CVE-2024-50596,CVE-2024-50597 SUMMARY An integer underflow vulnerability exists in the HTTP server PUT request functionality of...
Wavlink AC3000 login.cgi set_sys_init() command injection vulnerabilities
Talos Vulnerability Report TALOS-2024-2018 Wavlink AC3000 login.cgi setsysinit command injection vulnerabilities January 14, 2025 CVE Number CVE-2024-39759,CVE-2024-39761,CVE-2024-39760 SUMMARY Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlin...
Wavlink AC3000 qos.cgi qos_settings() buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2024-2049 Wavlink AC3000 qos.cgi qossettings buffer overflow vulnerabilities January 14, 2025 CVE Number CVE-2024-39803,CVE-2024-39801,CVE-2024-39802 SUMMARY Multiple buffer overflow vulnerabilities exist in the qos.cgi qossettings functionality of Wavlink AC3000...
NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability due to excessive loop iteration
Talos Vulnerability Report TALOS-2024-2013 NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability due to excessive loop iteration October 23, 2024 CVE Number CVE-2024-0118 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D...
Microsoft Teams (work or school) for macOS library injection vulnerability
Talos Vulnerability Report TALOS-2024-1973 Microsoft Teams work or school for macOS library injection vulnerability August 19, 2024 CVE Number CVE-2024-42004 SUMMARY A library injection vulnerability exists in Microsoft Teams work or school 24046.2813.2770.1094 for macOS. A specially crafted...
Oracle OIT ImageExport libvs_bmp BMP BI_RLE8 Width Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0160 Oracle OIT ImageExport libvsbmp BMP BIRLE8 Width Code Execution Vulnerability July 19, 2016 Description A vulnerability in libvseshr can lead to remote code execution while parsing a specially crafted Word document containing a reference to Escher drawin...
OpenCFD OpenFOAM Code Stream directive arbitrary code execution vulnerability
Talos Vulnerability Report TALOS-2025-2292 OpenCFD OpenFOAM Code Stream directive arbitrary code execution vulnerability February 18, 2026 CVE Number CVE-2025-61982 SUMMARY An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A...
Socomec DIRIS Digiware M-70 Modbus TCP reboot denial of service vulnerability
Talos Vulnerability Report TALOS-2024-2119 Socomec DIRIS Digiware M-70 Modbus TCP reboot denial of service vulnerability December 1, 2025 CVE Number CVE-2024-48882 SUMMARY A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially...
Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter privilege escalation vulnerability
Talos Vulnerability Report TALOS-2025-2174 Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter privilege escalation vulnerability November 17, 2025 CVE Number CVE-2025-31361 SUMMARY A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIOUSHADDRECORD...
The Biosig Project libbiosig RHS2000 parsing heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2240 The Biosig Project libbiosig RHS2000 parsing heap-based buffer overflow vulnerability August 25, 2025 CVE Number CVE-2025-48005 SUMMARY A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig...
Parallels Desktop prl_vmarchiver Unarchive Hard Link Privilege Escalation
Talos Vulnerability Report TALOS-2024-2126 Parallels Desktop prlvmarchiver Unarchive Hard Link Privilege Escalation June 3, 2025 CVE Number CVE-2024-36486 SUMMARY A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac...
NVIDIA nvJPEG2000 Default Coding Styles Ndecomp buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2113 NVIDIA nvJPEG2000 Default Coding Styles Ndecomp buffer overflow vulnerability February 11, 2025 CVE Number CVE-2024-0145 SUMMARY A heap based buffer overflow vulnerability exists in the way Ndecomp parameter is used when parsing JPEG2000 files in NVIDIA...
Wavlink AC3000 wireless.cgi set_wifi_basic_mesh() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2042 Wavlink AC3000 wireless.cgi setwifibasicmesh buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39603 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasicmesh functionality of Wavlink AC3000...
Wavlink AC3000 login.cgi Unauthenticated Firmware Upload vulnerability
Talos Vulnerability Report TALOS-2024-2036 Wavlink AC3000 login.cgi Unauthenticated Firmware Upload vulnerability January 14, 2025 CVE Number CVE-2024-39608 SUMMARY A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...
Internet Systems Consortium BIND DNSSEC DNSKEY Extended Flags denial of service vulnerability
Summary A denial of service vulnerability exists in the DNSSEC DNSKEY Extended Flags functionality of BIND versions: 9.21.21. A specially crafted mirror domain can lead to a denial of service. An attacker can serve a malicious zone to trigger this vulnerability. Confirmed Vulnerable Versions The...