Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva.

The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.

Canva Affinity vulnerabilities

Discovered by KPC of Cisco Talos.

Canva Affinity is a free-to-use tool for pixel and vector art manipulation used in graphic and document design.

Talos researchers found 19 vulnerabilities in Affinity. Eighteen of them are out-of-bounds read vulnerabilities in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit these vulnerabilities to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

TALOS-2025-2311 (CVE-2025-64776)
TALOS-2025-2310 (CVE-2025-64301)
TALOS-2025-2300 (CVE-2025-64733)
TALOS-2025-2319 (CVE-2025-66042)
TALOS-2025-2321 (CVE-2025-62403)
TALOS-2025-2314 (CVE-2025-58427)
TALOS-2025-2298 (CVE-2025-62500)
TALOS-2025-2299 (CVE-2025-61979)
TALOS-2025-2317 (CVE-2025-61952)
TALOS-2025-2316 (CVE-2025-47873)
TALOS-2025-2318 (CVE-2025-66503)
TALOS-2025-2324 (CVE-2026-20726)
TALOS-2025-2301 (CVE-2025-66000)
TALOS-2025-2320 (CVE-2025-65119)
TALOS-2025-2325 (CVE-2026-22882)
TALOS-2025-2315 (CVE-2025-66617)
TALOS-2025-2313 (CVE-2025-66633)
TALOS-2025-2312 (CVE-2025-64735)

The last vulnerability is TALOS-2025-2297 (CVE-2025-66342), a type confusion vulnerability in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.

TP-Link vulnerabilities

Discov