Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Talos

#b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
PolicyEmail

Short Name

talos

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

cisco.com

Country

USA

Scope

Third-party products it researches.
Reported CVEsVendorsProductsReports
2542Vulnerabilities found
CVE-2026-25104
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.09%
||
7 Day CHG+0.01%
Published-26 May, 2026 | 08:41
Updated-28 May, 2026 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability

Action-Not Available
Vendor-mediaareaMediaArea
Product-mediainfolibMediaInfoLib
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-25713
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.09%
||
7 Day CHG+0.01%
Published-26 May, 2026 | 08:39
Updated-28 May, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability

Action-Not Available
Vendor-mediaareaMediaArea
Product-mediainfolibMediaInfoLib
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-28764
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.09%
||
7 Day CHG+0.01%
Published-21 May, 2026 | 08:52
Updated-02 Jun, 2026 | 01:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability

Action-Not Available
Vendor-mediaareaMediaArea
Product-mediainfolibMediaInfoLib
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CVE-2026-22554
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.81%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 13:58
Updated-29 May, 2026 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability

Action-Not Available
Vendor-mediaareaMediaArea
Product-mediainfolibMediaInfoLib
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-58074
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.01% / 2.25%
||
7 Day CHG-0.00%
Published-04 May, 2026 | 13:11
Updated-29 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation during the installation of Norton Secure VPN via the Microsoft Store

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.

Action-Not Available
Vendor-Gen Digital
Product-Norton Secure VPN
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CVE-2026-20911
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 23.38%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-10 Apr, 2026 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRaw
Product-librawLibRaw
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2026-21413
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 23.38%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-10 Apr, 2026 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRaw
Product-librawLibRaw
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2026-20889
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 23.38%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-10 Apr, 2026 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRaw
Product-librawLibRaw
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-24660
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.08% / 23.38%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-10 Apr, 2026 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRaw
Product-librawLibRaw
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-24450
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.08% / 23.38%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-13 Apr, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRaw
Product-librawLibRaw
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-20884
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.08% / 23.38%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-13 Apr, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRaw
Product-librawLibRaw
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-66342
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.73%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-62500
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61979
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-64733
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66000
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-64301
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.66%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code execution.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-64776
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-64735
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66633
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-58427
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66617
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-47873
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61952
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66503
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66042
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-65119
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-62403
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-20726
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-22882
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-64736
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.04% / 10.95%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 14:32
Updated-05 Mar, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-libbiosig_projectThe Biosig Project
Product-libbiosiglibbiosig
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-22891
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 40.49%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 14:32
Updated-05 Mar, 2026 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-libbiosig_projectThe Biosig Project
Product-libbiosiglibbiosig
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-20777
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.19% / 40.49%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 14:32
Updated-05 Mar, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-libbiosig_projectThe Biosig Project
Product-libbiosiglibbiosig
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-61982
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.57%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 14:38
Updated-18 Feb, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-OpenCFD
Product-OpenFOAM
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-54817
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 20.22%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53516
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.08% / 24.35%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54495
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 20.22%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54157
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 20.22%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54778
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 20.22%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46270
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 20.22%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-55071
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.08% / 24.35%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54852
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.08% / 24.35%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54814
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 20.22%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54861
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 20.22%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-57881
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 20.22%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-58080
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 20.22%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53854
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 20.22%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-57787
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.08% / 24.35%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53707
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.08% / 24.35%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54853
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 20.22%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 50
  • 51
  • Next