VYPR

Arduino Ide

by Arduino

Source repositories

CVEs (6)

  • CVE-2026-28521Mar 15, 2026
    risk 0.00cvss epss 0.00

    arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-bounds memory access that may result…

  • CVE-2026-25933Feb 12, 2026
    risk 0.00cvss epss 0.00

    Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected…

  • CVE-2025-64724Dec 18, 2025
    risk 0.00cvss epss 0.00

    Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user…

  • CVE-2025-64723Dec 18, 2025
    risk 0.00cvss epss 0.00

    Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic…

  • CVE-2025-27608LowApr 2, 2025
    risk 0.00cvss epss 0.00

    Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting (XSS) vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can…

  • CVE-2023-49296Dec 13, 2023
    risk 0.00cvss epss 0.00

    The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint `/certificate.crt` and the way the web interface of the…