2224 matches found
GeoVision GV-I/O Box 4E DVRSearch CMD_IP_SET buffer overflow vulnerabilities
Summary Multiple exploitable buffer overflow vulnerabilities exist in the DVRSearch CMDIPSET functionality of GV-I/O Box 4E versions: 2.09. A specially crafted network request can lead to a arbitrary code execution. An attacker can send a network request to trigger these vulnerabilities. Confirme...
GeoVision LPC2011/LPC2211 DdnsSetting.cgi OS command injection vulnerability
Summary A OS command injection vulnerability exists in the DdnsSetting.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability. Confirmed...
Adobe Photoshop Installation Privilege Escalation Vulnerability
Talos Vulnerability Report TALOS-2025-2274 Adobe Photoshop Installation Privilege Escalation Vulnerability April 22, 2026 CVE Number CVE-2026-34632 SUMMARY A privilege escalation vulnerability exists during the installation of Adobe Photoshop via the Microsoft Store. The vulnerable version of the...
LibRaw x3f_load_huffman heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2026-2359 LibRaw x3floadhuffman heap-based buffer overflow vulnerability April 7, 2026 CVE Number CVE-2026-24660 SUMMARY A heap-based buffer overflow vulnerability exists in the x3floadhuffman functionality of LibRaw Commit d20315b. A specially crafted malicious...
Foxit Reader List Box Calculate Array Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2026-2365 Foxit Reader List Box Calculate Array Use-After-Free Vulnerability March 31, 2026 CVE Number CVE-2026-3779 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader handles an Array object. A specially crafted JavaScript code inside a malicio...
Canva Affinity EMF File EMR_POLYBEZIER16 Count Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2316 Canva Affinity EMF File EMRPOLYBEZIER16 Count Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-47873 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, ...
Canva Affinity EMF File EMR_EXTSELECTCLIPRGN CountRects Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2319 Canva Affinity EMF File EMREXTSELECTCLIPRGN CountRects Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-66042 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted E...
Canva Affinity EMF File EMR_POLYGON Count Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2320 Canva Affinity EMF File EMRPOLYGON Count Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-65119 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an...
Tp-Link AX53 v1.0 tmpServer opcode 0x429 stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2284 Tp-Link AX53 v1.0 tmpServer opcode 0x429 stack-based buffer overflow vulnerability March 16, 2026 CVE Number CVE-2025-62405 SUMMARY A stack-based buffer overflow vulnerability exists in the tmpServer SmartNetSetClientList functionality of Tp-Link AX53 v1...
Tp-Link AX53 v1.0 tdpServer ssh port update stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2290 Tp-Link AX53 v1.0 tdpServer ssh port update stack-based buffer overflow vulnerability March 16, 2026 CVE Number CVE-2025-62673 SUMMARY A stack-based buffer overflow vulnerability exists in the tdpServer ssh port update functionality of Tp-Link AX53 v1.0...
Tp-Link AX53 v1.0 tmpServer opcode 0x643 stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2287 Tp-Link AX53 v1.0 tmpServer opcode 0x643 stack-based buffer overflow vulnerability March 16, 2026 CVE Number CVE-2025-62404 SUMMARY A stack-based buffer overflow vulnerability exists in the tmpServer opcode 0x643 functionality of Tp-Link AX53 v1.0 1.3.1...
Tp-Link AX53 V1.0 tmpServer opcode 0x411 buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2283 Tp-Link AX53 V1.0 tmpServer opcode 0x411 buffer overflow vulnerability March 16, 2026 CVE Number CVE-2025-59482 SUMMARY A buffer overflow vulnerability exists in the tmpServer opcode 0x411 functionality of Tp-Link AX53 v1.0 1.3.1 Build 20241120...
Tp-Link AX53 v1.0 tmpServer opcode 0xe01 out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2025-2288 Tp-Link AX53 v1.0 tmpServer opcode 0xe01 out-of-bounds write vulnerability March 16, 2026 CVE Number CVE-2025-61944 SUMMARY An out-of-bounds write vulnerability exists in the tmpServer opcode 0xe01 functionality of Tp-Link AX53 v1.0 1.3.1 Build 20241120...
Microsoft DirectX End-User Runtime Web Installer Privilege Escalation Vulnerability
Talos Vulnerability Report TALOS-2025-2293 Microsoft DirectX End-User Runtime Web Installer Privilege Escalation Vulnerability March 11, 2026 CVE Number CVE-2025-68623 SUMMARY A local privilege escalation vulnerability exists during the installation of Microsoft DirectX End-User Runtime. A...
MedDream PACS Premium modifyHL7App reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2264 MedDream PACS Premium modifyHL7App reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-58080 SUMMARY A reflected cross-site scripting xss vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium...
MedDream PACS Premium modifyHL7Route reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2265 MedDream PACS Premium modifyHL7Route reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-53854 SUMMARY A reflected cross-site scripting xss vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premiu...
MedDream PACS Premium modifyAutopurgeFilter reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2261 MedDream PACS Premium modifyAutopurgeFilter reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-54814 SUMMARY A reflected cross-site scripting xss vulnerability exists in the modifyAutopurgeFilter functionality of MedDre...
Foxit PDF Editor Installation Uncontrolled Search Path Privilege Escalation Vulnerability
Talos Vulnerability Report TALOS-2025-2275 Foxit PDF Editor Installation Uncontrolled Search Path Privilege Escalation Vulnerability December 19, 2025 CVE Number CVE-2025-57779 SUMMARY A privilege escalation vulnerability exists during the installation of Foxit PDF Editor via the Microsoft Store....
Grassroot DICOM JPEGBITSCodec::InternalCode out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2025-2210 Grassroot DICOM JPEGBITSCodec::InternalCode out-of-bounds read vulnerability December 16, 2025 CVE Number CVE-2025-53619,CVE-2025-53618 SUMMARY An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM...
Grassroot DICOM Overlay::GrabOverlayFromPixelData out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2025-2211 Grassroot DICOM Overlay::GrabOverlayFromPixelData out-of-bounds read vulnerability December 16, 2025 CVE Number CVE-2025-52582 SUMMARY An out-of-bounds read vulnerability exists in the Overlay::GrabOverlayFromPixelData functionality of Grassroot DICOM...
PDF-XChange Editor EMF File EMR_SMALLTEXTOUT Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2280 PDF-XChange Editor EMF File EMRSMALLTEXTOUT Out-Of-Bounds Read Vulnerability December 2, 2025 CVE Number CVE-2025-58113 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401. By...
Socomec DIRIS Digiware M-70 WEBVIEW-M cross-site request forgery (CSRF) vulnerability
Talos Vulnerability Report TALOS-2024-2116 Socomec DIRIS Digiware M-70 WEBVIEW-M cross-site request forgery CSRF vulnerability December 1, 2025 CVE Number CVE-2024-53684 SUMMARY A cross-site request forgery csrf vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70...
Socomec Easy Config System User profile management authentication bypass vulnerability
Talos Vulnerability Report TALOS-2024-2117 Socomec Easy Config System User profile management authentication bypass vulnerability December 1, 2025 CVE Number CVE-2024-45370 SUMMARY An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config...
Entr'ouvert Lasso g_assert_not_reached denial of service vulnerability
Talos Vulnerability Report TALOS-2025-2196 Entr'ouvert Lasso gassertnotreached denial of service vulnerability November 5, 2025 CVE Number CVE-2025-46705 SUMMARY A denial of service vulnerability exists in the gassertnotreached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially craft...
Truffle Security Co. TruffleHog git arbitrary code execution vulnerability
Talos Vulnerability Report TALOS-2025-2243 Truffle Security Co. TruffleHog git arbitrary code execution vulnerability October 20, 2025 CVE Number CVE-2025-41390 SUMMARY An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially...
Adobe Acrobat Reader Page Property Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2025-2222 Adobe Acrobat Reader Page Property Use-After-Free Vulnerability September 23, 2025 CVE Number CVE-2025-54257 SUMMARY A use-after-free vulnerability exists in the page property functionality of Adobe Acrobat Reader 2025.001.20531. A specially crafted...
The Biosig Project libbiosig MFER unvalidated length stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2234 The Biosig Project libbiosig MFER unvalidated length stack-based buffer overflow vulnerability August 25, 2025 CVE Number...
The Biosig Project libbiosig MFER default NS mismatch heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2237 The Biosig Project libbiosig MFER default NS mismatch heap-based buffer overflow vulnerability August 25, 2025 CVE Number CVE-2025-53511 SUMMARY A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project...
The Biosig Project libbiosig Nex parsing heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2239 The Biosig Project libbiosig Nex parsing heap-based buffer overflow vulnerability August 25, 2025 CVE Number CVE-2025-54462 SUMMARY A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 a...
SAIL Image Decoding Library PSD RLE Decoding heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2219 SAIL Image Decoding Library PSD RLE Decoding heap-based buffer overflow vulnerability August 25, 2025 CVE Number CVE-2025-53085 SUMMARY A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library...
The Biosig Project libbiosig GDF parsing integer overflow to heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2233 The Biosig Project libbiosig GDF parsing integer overflow to heap-based buffer overflow vulnerability August 25, 2025 CVE Number CVE-2025-52581 SUMMARY An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project...
PDF-XChange Editor EMF File EMR_POLYDRAW16 PT_BEZIERTO Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2171 PDF-XChange Editor EMF File EMRPOLYDRAW16 PTBEZIERTO Out-Of-Bounds Read Vulnerability August 5, 2025 CVE Number CVE-2025-27931 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using ...
WWBN AVideo managerPlaylists PlaylistOwnerUsersId parameter cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2205 WWBN AVideo managerPlaylists PlaylistOwnerUsersId parameter cross-site scripting XSS vulnerability July 24, 2025 CVE Number CVE-2025-46410 SUMMARY A cross-site scripting xss vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter...
WWBN AVideo .htaccess sample incomplete blacklist vulnerability
Talos Vulnerability Report TALOS-2025-2213 WWBN AVideo .htaccess sample incomplete blacklist vulnerability July 24, 2025 CVE Number CVE-2025-48732 SUMMARY An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request ca...
WWBN AVideo videoNotFound 404ErrorMsg parameter cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2207 WWBN AVideo videoNotFound 404ErrorMsg parameter cross-site scripting XSS vulnerability July 24, 2025 CVE Number CVE-2025-50128 SUMMARY A cross-site scripting xss vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo...
Adobe Acrobat Reader Annotation Destroy Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2025-2170 Adobe Acrobat Reader Annotation Destroy Use-After-Free Vulnerability June 11, 2025 CVE Number CVE-2025-43576 SUMMARY A use-after-free vulnerability exists in the annotation object processing functionality of Adobe Acrobat Reader 2025.001.20435. A special...
STMicroelectronics X-CUBE-AZRTOS-F7 HTTP server chunked PUT request integer underflow vulnerability
Talos Vulnerability Report TALOS-2024-2102 STMicroelectronics X-CUBE-AZRTOS-F7 HTTP server chunked PUT request integer underflow vulnerability April 2, 2025 CVE Number CVE-2024-50594,CVE-2024-50595 SUMMARY An integer underflow vulnerability exists in the HTTP server PUT request functionality of...
ClearML dataset upload XSS vulnerability
Talos Vulnerability Report TALOS-2024-2110 ClearML dataset upload XSS vulnerability February 6, 2025 CVE Number CVE-2024-39272 SUMMARY A cross-site scripting xss vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can...
WolfSSL wolfSSL PKCS#7 OtherRecipientInfo integer underflow vulnerability
Summary A integer underflow vulnerability exists in the PKCS7 OtherRecipientInfo functionality of wolfSSL versions: 5.9.1. A specially crafted malformed ASN.1 record can lead to a heap buffer overflow. An attacker can arbitrary code execution to trigger this vulnerability. Confirmed Vulnerable...
GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability
Summary A memory corruption vulnerability exists in the GV-Cloud functionality of GV-VMS V20 versions: 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability. Confirmed Vulnerable Versions The...
Canva Affinity EMF File EMR_POLYBEZIERTO Count Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2318 Canva Affinity EMF File EMRPOLYBEZIERTO Count Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-66503 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, ...
Canva Affinity EMF File EMR_POLYBEZIERTO16 Count Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2324 Canva Affinity EMF File EMRPOLYBEZIERTO16 Count Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2026-20726 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file...
Canva Affinity EMF File EMR_POLYDRAW Count Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2301 Canva Affinity EMF File EMRPOLYDRAW Count Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-66000 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an...
Tp-Link AX53 v1.0 tmpServer opcode 0x442 out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2025-2286 Tp-Link AX53 v1.0 tmpServer opcode 0x442 out-of-bounds write vulnerability March 16, 2026 CVE Number CVE-2025-61983 SUMMARY An out-of-bounds write vulnerability exists in the tmpServer opcode 0x442 functionality of Tp-Link AX53 v1.0 1.3.1 Build 20241120...
MedDream PACS Premium encapsulatedDoc reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2256 MedDream PACS Premium encapsulatedDoc reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-54157 SUMMARY A reflected cross-site scripting xss vulnerability exists in the encapsulatedDoc functionality of MedDream PACS...
MedDream PACS Premium modifyAnonymize reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2259 MedDream PACS Premium modifyAnonymize reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-55071 SUMMARY A reflected cross-site scripting xss vulnerability exists in the modifyAnonymize functionality of MedDream PACS...
MedDream PACS Premium notifynewstudy reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2269 MedDream PACS Premium notifynewstudy reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-57786 SUMMARY A reflected cross-site scripting xss vulnerability exists in the notifynewstudy functionality of MedDream PACS Premiu...
Grassroot DICOM RLECodec::DecodeByStreams out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2025-2214 Grassroot DICOM RLECodec::DecodeByStreams out-of-bounds read vulnerability December 16, 2025 CVE Number CVE-2025-48429 SUMMARY An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 3.024. A specially...
Socomec DIRIS Digiware M-70 Modbus RTU over TCP factory reset denial of service vulnerability
Talos Vulnerability Report TALOS-2025-2138 Socomec DIRIS Digiware M-70 Modbus RTU over TCP factory reset denial of service vulnerability December 1, 2025 CVE Number CVE-2025-20085 SUMMARY A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware...
GCC Productions Inc. Fade In XML parser use-after-free vulnerability
Talos Vulnerability Report TALOS-2025-2252 GCC Productions Inc. Fade In XML parser use-after-free vulnerability October 28, 2025 CVE Number CVE-2025-53814 SUMMARY A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml...