2224 matches found
MedDream PACS Premium modifyUser reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2268 MedDream PACS Premium modifyUser reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-54853 SUMMARY A reflected cross-site scripting xss vulnerability exists in the modifyUser functionality of MedDream PACS Premium...
MedDream PACS Premium fetchPriorStudies reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2258 MedDream PACS Premium fetchPriorStudies reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-46270 SUMMARY A reflected cross-site scripting xss vulnerability exists in the fetchPriorStudies functionality of MedDream PACS...
Foxit Reader Barcode Calculate CPDF_FormField Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2025-2277 Foxit Reader Barcode Calculate CPDFFormField Use-After-Free Vulnerability December 19, 2025 CVE Number CVE-2025-58085 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader handles a Barcode field object. A specially crafted JavaScript cod...
Foxit Reader Text Widget Format Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2025-2278 Foxit Reader Text Widget Format Use-After-Free Vulnerability December 19, 2025 CVE Number CVE-2025-59488 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader handles a Text Widget field object. A specially crafted JavaScript code inside ...
The Biosig Project libbiosig MFER parsing multiple stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2025-2296 The Biosig Project libbiosig MFER parsing multiple stack-based buffer overflow vulnerabilities December 11, 2025 CVE Number CVE-2025-66047,CVE-2025-66045,CVE-2025-66044,CVE-2025-66048,CVE-2025-66043,CVE-2025-66046 SUMMARY Several stack-based buffer...
Socomec DIRIS Digiware M-70 Modbus TCP factory reset denial of service vulnerability
Talos Vulnerability Report TALOS-2024-2118 Socomec DIRIS Digiware M-70 Modbus TCP factory reset denial of service vulnerability December 1, 2025 CVE Number CVE-2024-49572 SUMMARY A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A...
Dell ControlVault3 CvManager_SBI buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2188 Dell ControlVault3 CvManagerSBI buffer overflow vulnerability November 17, 2025 CVE Number CVE-2025-32089 SUMMARY A buffer overflow vulnerability exists in the CvManagerSBI functionality of Dell ControlVault3 5.14.3.0 and 5.15.10.14, A31. A specially...
Entr'ouvert Lasso lasso_provider_verify_saml_signature denial of service vulnerability
Talos Vulnerability Report TALOS-2025-2194 Entr'ouvert Lasso lassoproviderverifysamlsignature denial of service vulnerability November 5, 2025 CVE Number CVE-2025-46404 SUMMARY A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5....
Entr'ouvert Lasso lasso_node_init_from_message_with_format denial of service vulnerability
Talos Vulnerability Report TALOS-2025-2195 Entr'ouvert Lasso lassonodeinitfrommessagewithformat denial of service vulnerability November 5, 2025 CVE Number CVE-2025-46784 SUMMARY A denial of service vulnerability exists in the lassonodeinitfrommessagewithformat functionality of Entr'ouvert Lasso...
Dell BSAFE Crypto-C GetIndefiniteElementLen stack overflow vulnerability
Talos Vulnerability Report TALOS-2025-2142 Dell BSAFE Crypto-C GetIndefiniteElementLen stack overflow vulnerability October 16, 2025 CVE Number None SUMMARY A stack overflow vulnerability exists in the GetIndefiniteElementLen functionality of Dell BSAFE Crypto-C xxx. A specially crafted ASN.1...
Planet WGR-500 formPingCmd stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2025-2226 Planet WGR-500 formPingCmd stack-based buffer overflow vulnerabilities October 7, 2025 CVE Number CVE-2025-54401,CVE-2025-54400,CVE-2025-54399,CVE-2025-54402 SUMMARY Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd...
OpenPrinting ippusbxd media-size-supported stack based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2071 OpenPrinting ippusbxd media-size-supported stack based buffer overflow vulnerability August 19, 2025 CVE Number CVE-2024-45062 SUMMARY A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer th...
Eclipse ThreadX FileX RAM disk driver buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2088 Eclipse ThreadX FileX RAM disk driver buffer overflow vulnerability July 30, 2025 CVE Number CVE-2025-55089 SUMMARY A buffer overflow vulnerability exists in the FileX RAM disk driver functionality of Eclipse ThreadX FileX git commit 1b85eb2. A specially...
MedDream PACS Premium radiationDoseReport.php reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2176 MedDream PACS Premium radiationDoseReport.php reflected cross-site scripting XSS vulnerability July 28, 2025 CVE Number CVE-2025-32731 SUMMARY A reflected cross-site scripting xss vulnerability exists in the radiationDoseReport.php functionality of...
Bloomberg Comdb2 net_connectmsg Protocol Buffer Message null pointer dereference vulnerability
Talos Vulnerability Report TALOS-2025-2197 Bloomberg Comdb2 netconnectmsg Protocol Buffer Message null pointer dereference vulnerability July 22, 2025 CVE Number CVE-2025-36520 SUMMARY A null pointer dereference vulnerability exists in the netconnectmsg Protocol Buffer Message functionality of...
Catdoc utilities OLE Document Parser File Allocation Table 32-bit integer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2131 Catdoc utilities OLE Document Parser File Allocation Table 32-bit integer overflow vulnerability June 2, 2025 CVE Number CVE-2024-52035 SUMMARY An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of...
Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow vulnerability
Talos Vulnerability Report TALOS-2024-2105 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow vulnerability April 14, 2025 CVE Number None,CVE-2025-2258 SUMMARY An integer underflow vulnerability exists in the HTTP server PUT request functionality of Eclipse ThreadX NetX Du...
NVIDIA nvJPEG2000 cSIZ out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-2080 NVIDIA nvJPEG2000 cSIZ out-of-bounds write vulnerability February 11, 2025 CVE Number CVE-2024-0142 SUMMARY A memory corruption vulnerability exists in the Image Decoding functionality of NVIDIA nvJPEG2000 0.8.0. A specially crafted .jp2 file can lead to...
ClearML Vault API disabled vaults retrieval vulnerability
Talos Vulnerability Report TALOS-2024-2112 ClearML Vault API disabled vaults retrieval vulnerability February 6, 2025 CVE Number CVE-2024-43779 SUMMARY An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP...
Wavlink AC3000 testsave.sh Information Disclosure vulnerability
Talos Vulnerability Report TALOS-2024-2035 Wavlink AC3000 testsave.sh Information Disclosure vulnerability January 14, 2025 CVE Number CVE-2024-39773 SUMMARY An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted...
Wavlink AC3000 login.cgi set_lang_CountryCode() Persistent XSS vulnerability
Talos Vulnerability Report TALOS-2024-2017 Wavlink AC3000 login.cgi setlangCountryCode Persistent XSS vulnerability January 14, 2025 CVE Number CVE-2024-39363 SUMMARY A cross-site scripting xss vulnerability exists in the login.cgi setlangCountryCode functionality of Wavlink AC3000...
GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerabilities
Summary Multiple exploitable stack-based buffer overflow vulnerabilities exist in the Websocket Server connectInfo handler functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket message can lead to a arbitrary code execution. An attacker can stage a malicious webpage to...
GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerabilities
Summary Multiple exploitable OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GV-I/O Box 4E versions: 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. Confirmed...
GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability
Summary A insufficient encryption vulnerability exists in the Device Authentication functionality of GV-IP Device Utility versions: 9.0.5. A specially crafted network sniffing can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. Confirmed...
LibRaw lossless_jpeg_load_raw heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2026-2331 LibRaw losslessjpegloadraw heap-based buffer overflow vulnerability April 7, 2026 CVE Number CVE-2026-21413 SUMMARY A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality of LibRaw Commit 0b56545 and Commit d20315b. A...
Canva Affinity EMF File EMR_HEADER nDescription Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2298 Canva Affinity EMF File EMRHEADER nDescription Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-62500 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file,...
Canva Affinity EMF File EMR_HEADER offDescription Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2299 Canva Affinity EMF File EMRHEADER offDescription Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-61979 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF fil...
Canva Affinity EMF File EMR_STRETCHBLT offBmiSrc Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2312 Canva Affinity EMF File EMRSTRETCHBLT offBmiSrc Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-64735 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file...
Canva Affinity EMF File EMR_EXTTEXTOUTW offDx Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2314 Canva Affinity EMF File EMREXTTEXTOUTW offDx Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-58427 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, a...
Canva Affinity EMF File EMR_POLYBEZIER Count Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2317 Canva Affinity EMF File EMRPOLYBEZIER Count Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-61952 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an...
Canva Affinity EMF File EMR_CREATEDIBPATTERNBRUSHPT offBmi Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2300 Canva Affinity EMF File EMRCREATEDIBPATTERNBRUSHPT offBmi Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-64733 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafte...
Tp-Link AX53 v1.0 tmpServer opcode 0x429 stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2284 Tp-Link AX53 v1.0 tmpServer opcode 0x429 stack-based buffer overflow vulnerability March 16, 2026 CVE Number CVE-2025-62405 SUMMARY A stack-based buffer overflow vulnerability exists in the tmpServer SmartNetSetClientList functionality of Tp-Link AX53 v1...
The Biosig Project libbiosig Nicolet WFT parsing heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2026-2362 The Biosig Project libbiosig Nicolet WFT parsing heap-based buffer overflow vulnerability March 3, 2026 CVE Number CVE-2026-20777 SUMMARY A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project...
MedDream PACS Premium modifyHL7App reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2264 MedDream PACS Premium modifyHL7App reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-58080 SUMMARY A reflected cross-site scripting xss vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium...
MedDream PACS Premium modifyRoute reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2266 MedDream PACS Premium modifyRoute reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-57787 SUMMARY A reflected cross-site scripting xss vulnerability exists in the modifyRoute functionality of MedDream PACS Premium...
Socomec DIRIS Digiware M-70 Modbus TCP and Modbus RTU over TCP denial of service vulnerability
Talos Vulnerability Report TALOS-2025-2248 Socomec DIRIS Digiware M-70 Modbus TCP and Modbus RTU over TCP denial of service vulnerability December 1, 2025 CVE Number CVE-2025-54848,CVE-2025-54851,CVE-2025-54849,CVE-2025-54850 SUMMARY A denial of service vulnerability exists in the Modbus TCP and...
Socomec DIRIS Digiware M-70 Modbus TCP buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2152 Socomec DIRIS Digiware M-70 Modbus TCP buffer overflow vulnerability December 1, 2025 CVE Number CVE-2025-26858 SUMMARY A buffer overflow vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted set o...
Socomec DIRIS Digiware M-70 WEBVIEW-M cleartext transmission vulnerability
Talos Vulnerability Report TALOS-2024-2115 Socomec DIRIS Digiware M-70 WEBVIEW-M cleartext transmission vulnerability December 1, 2025 CVE Number CVE-2024-48894 SUMMARY A cleartext transmission vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially...
Dell ControlVault3 CvManager buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2189 Dell ControlVault3 CvManager buffer overflow vulnerability November 17, 2025 CVE Number CVE-2025-36553 SUMMARY A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 5.14.3.0 and 5.15.10.14, A31. A specially crafted...
GCC Productions Inc. Fade In XML parser out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2025-2250 GCC Productions Inc. Fade In XML parser out-of-bounds write vulnerability October 28, 2025 CVE Number CVE-2025-53855 SUMMARY An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially...
Dell BSAFE Crypto-C _A_DecodeType out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2025-2140 Dell BSAFE Crypto-C ADecodeType out-of-bounds read vulnerability October 16, 2025 CVE Number CVE-2019-3728 SUMMARY An integer overflow vulnerability exists in the ADecodeType functionality of Dell BSAFE Crypto-C xxx. A specially crafted ASN.1 record can...
NVIDIA nvdisasm REL section header parsing out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2025-2204 NVIDIA nvdisasm REL section header parsing out-of-bounds write vulnerability September 24, 2025 CVE Number CVE-2025-23308 SUMMARY An out-of-bounds write vulnerability exists in the REL section header parsing functionality of NVIDIA nvdisasm 12.9.88. A...
The Biosig Project libbiosig Nex parsing out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2025-2238 The Biosig Project libbiosig Nex parsing out-of-bounds read vulnerability August 25, 2025 CVE Number CVE-2025-52461 SUMMARY An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branc...
The Biosig Project libbiosig MFER Tag 3 null write stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2236 The Biosig Project libbiosig MFER Tag 3 null write stack-based buffer overflow vulnerability August 25, 2025 CVE Number CVE-2025-46411 SUMMARY A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project...
Tenda AC6 V5.0 /goform/getproductInfo information disclosure vulnerability
Talos Vulnerability Report TALOS-2025-2164 Tenda AC6 V5.0 /goform/getproductInfo information disclosure vulnerability August 20, 2025 CVE Number CVE-2025-24496 SUMMARY An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110...
Tenda AC6 V5.0 Session Authentication Cookie unencrypted transmission of credentials vulnerability
Talos Vulnerability Report TALOS-2025-2167 Tenda AC6 V5.0 Session Authentication Cookie unencrypted transmission of credentials vulnerability August 20, 2025 CVE Number CVE-2025-31646 SUMMARY A unencrypted transmission of credentials vulnerability exists in the Session Authentication Cookie...
Dell ControlVault3 cvhDecapsulateCmd improper input validation vulnerability
Talos Vulnerability Report TALOS-2025-2153 Dell ControlVault3 cvhDecapsulateCmd improper input validation vulnerability August 9, 2025 CVE Number CVE-2025-24919 SUMMARY A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to...
MedDream PACS Premium setup incorrect default permissions vulnerability
Talos Vulnerability Report TALOS-2025-2154 MedDream PACS Premium setup incorrect default permissions vulnerability July 28, 2025 CVE Number CVE-2025-26469 SUMMARY An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium...
WWBN AVideo LoginWordPress loginForm cancelUri parameter cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2208 WWBN AVideo LoginWordPress loginForm cancelUri parameter cross-site scripting XSS vulnerability July 24, 2025 CVE Number CVE-2025-36548 SUMMARY A cross-site scripting xss vulnerability exists in the LoginWordPress loginForm cancelUri parameter...
WWBN AVideo userLogin cancelUri parameter cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2209 WWBN AVideo userLogin cancelUri parameter cross-site scripting XSS vulnerability July 24, 2025 CVE Number CVE-2025-41420 SUMMARY A cross-site scripting xss vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and de...