CVE-2025-61952 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. The versions below were either tested or verified to be vulnerable […]

CVE-2025-61979 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. The versions below were either tested or verified to be vulnerable […]

CVE-2025-62500 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. The versions below were either tested or verified to be vulnerable […]

CVE-2025-62405 A stack-based buffer overflow vulnerability exists in the tmpServer SmartNetSetClientList() functionality of Tp-Link AX53 v1.0 1.3.1 Build 20241120 rel.54901(5553). A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability. The versions below were either tested or verified […]

CVE-2025-58455 A stack-based buffer overflow vulnerability exists in the tmpServer opcode 0x1003 functionality of Tp-Link AX53 v1.0 1.3.1 Build 20241120 rel.54901(5553). A specially crafted network packets can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability. The versions below were either tested or verified to […]

CVE-2025-62673 A stack-based buffer overflow vulnerability exists in the tdpServer ssh port update functionality of Tp-Link AX53 v1.0 1.3.1 Build 20241120 rel.54901(5553). A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send a packet to trigger this vulnerability. The versions below were either tested or […]

An attacker sending a malformed miIO message over WiFi to a Xiaomi Smart camera device can trigger the vulnerability described here. This report describes a heap buffer overflow, which leads to remote code execution. The vulnerability described in this advisory affects a potentially wide range of Xiaomi Smart devices. This […]

An attacker sending malformed miIO messages over WiFi to a Xiaomi Smart camera device can trigger the vulnerability described here. This report describes a use of cryptographically weak PRNG implementation issue, which leads to reliable prediction of cryptographic primitives used in the proprietary Xiaomi miIO protocol’s authentication and key agreement […]

An attacker sending malformed miIO messages over WiFi to a Xiaomi Smart camera device can trigger the vulnerability described here. This report describes a secure protocol design issue, which leads to authentication bypass in the proprietary Xiaomi miIO protocol. The vulnerability described in this advisory affects a potentially wide range […]

13th March 2026 As part of MDSec’s R&D work, we often discover vulnerabilities and develop exploits to support our red team engagements. When researching widely used software, it is often only a matter of time before the same vulnerability is discovered by other researchers and reported to the vendor. Two […]