Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Talos

#b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
PolicyEmail

Short Name

talos

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

cisco.com

Country

USA

Scope

Third-party products it researches.
Reported CVEsVendorsProductsReports
2543Vulnerabilities found

CVE-2026-22879
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.32% / 24.13%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 21:46
Updated-26 Jun, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability

Action-Not Available
Vendor-vtk
Product-vtk
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2026-25104
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.21% / 10.78%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 08:41
Updated-28 May, 2026 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability

Action-Not Available
Vendor-mediaareaMediaArea
Product-mediainfolibMediaInfoLib
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-25713
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.21% / 10.78%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 08:39
Updated-28 May, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability

Action-Not Available
Vendor-mediaareaMediaArea
Product-mediainfolibMediaInfoLib
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-28764
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.20% / 10.41%
||
7 Day CHG~0.00%
Published-21 May, 2026 | 08:52
Updated-02 Jun, 2026 | 01:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability

Action-Not Available
Vendor-mediaareaMediaArea
Product-mediainfolibMediaInfoLib
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CVE-2026-22554
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.20% / 9.97%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 13:58
Updated-29 May, 2026 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability

Action-Not Available
Vendor-mediaareaMediaArea
Product-mediainfolibMediaInfoLib
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-58074
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.13% / 2.71%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 13:11
Updated-29 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation during the installation of Norton Secure VPN via the Microsoft Store

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.

Action-Not Available
Vendor-Gen Digital
Product-Norton Secure VPN
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CVE-2026-20911
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 39.73%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-15 Jul, 2026 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRawRed Hat, Inc.
Product-librawLibRawRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2026-21413
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.75% / 50.69%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-15 Jul, 2026 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRawRed Hat, Inc.
Product-librawLibRawRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20889
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 46.80%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-15 Jul, 2026 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRawRed Hat, Inc.
Product-librawLibRawRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-24660
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.56% / 43.09%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-15 Jul, 2026 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRawRed Hat, Inc.
Product-librawLibRawRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-24450
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.45% / 36.68%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-13 Apr, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRaw
Product-librawLibRaw
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-20884
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.45% / 36.68%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-13 Apr, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRaw
Product-librawLibRaw
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-66342
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.28% / 19.78%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-62500
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.59%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61979
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.59%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-64733
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.60%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66000
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.59%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-64301
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.27% / 18.71%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code execution.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-64776
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.28% / 19.67%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-64735
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.59%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66633
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.60%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-58427
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.60%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66617
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.60%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-47873
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.60%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61952
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.59%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66503
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.60%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66042
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.59%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-65119
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.59%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-62403
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.59%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-20726
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.59%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-22882
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 18.60%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-64736
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.18% / 8.12%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 14:32
Updated-05 Mar, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-libbiosig_projectThe Biosig Project
Product-libbiosiglibbiosig
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-22891
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.59% / 44.25%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 14:32
Updated-05 Mar, 2026 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-libbiosig_projectThe Biosig Project
Product-libbiosiglibbiosig
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-20777
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.51% / 40.20%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 14:32
Updated-05 Mar, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-libbiosig_projectThe Biosig Project
Product-libbiosiglibbiosig
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-61982
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.65%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 14:38
Updated-18 Feb, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-OpenCFD
Product-OpenFOAM
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-54817
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 14.35%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53516
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 23.71%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54495
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 20.54%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54157
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 20.54%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54778
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 14.35%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46270
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 20.54%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-55071
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.26% / 17.53%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54852
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.26% / 17.53%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54814
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 14.35%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54861
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 14.35%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-57881
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 14.35%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-58080
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 14.35%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53854
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 20.54%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-57787
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.26% / 17.53%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53707
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 23.71%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 50
  • 51
  • Next