22 matches found
Amazon Linux 2023 : freerdp, freerdp-devel, freerdp-libs (ALAS2023-2026-1454)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1454 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2 allows a malicious RDP server to crash FreeRDP...
Fedora: Security Advisory (FEDORA-2026-fa67f40526)
The remote host is missing an update for the...
CVE-2026-24677
creationtimestamp | type | source
---|---|---
2026-02-10 15:17:44+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mejb2woyrq2x...
CVE-2026-24677
A heap buffer overflow has been discovered in FreeRDP. ecam_encoder_compress_h264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in sws_scale. Mitigation: Mitigation for this issue is either not available or the currently available...
DEBIAN-CVE-2026-24677
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in sws_scale. This vulnerability is fixed in 3.22.0...
CVE-2026-24677
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in sws_scale. This vulnerability is fixed in 3.22.0...
Linux Distros Unpatched Vulnerability : CVE-2026-24677
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts server-controlled dimensions and does not...
CVE-2022-24677
Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...
CVE-2025-24677
Improper Control of Generation of Code ('Code Injection') vulnerability in wpspin Post/Page Copying Tool postpage-import-export-with-custom-fields-taxonomies allows Remote Code Inclusion. This issue affects Post/Page Copying Tool: from n/a through <= 2.0.3...
CVE-2025-24677
creationtimestamp | type | source
---|---|---
2025-02-04 15:17:00+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhee22zpiz2c
2025-02-04 16:03:18+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lhegmtrpg22k
2025-02-04 16:48:50+00:00 | seen | ...
CVE-2025-24677
Improper Control of Generation of Code ('Code Injection') vulnerability in wpspin Post/Page Copying Tool postpage-import-export-with-custom-fields-taxonomies allows Remote Code Inclusion. This issue affects Post/Page Copying Tool: from n/a through <= 2.0.3...
CVE-2025-24677 WordPress Post/Page Copying Tool to Export and Import post/page for Cross site Migration Plugin <= 2.0.3 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in wpspin Post/Page Copying Tool postpage-import-export-with-custom-fields-taxonomies allows Remote Code Inclusion. This issue affects Post/Page Copying Tool: from n/a through <= 2.0.3...
CVE-2025-24677 WordPress Post/Page Copying Tool to Export and Import post/page for Cross site Migration Plugin <= 2.0.3 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page Copying Tool allows Remote Code Inclusion. This issue affects Post/Page Copying Tool: from n/a through 2.0.3...
CVE-2025-24677
CVE-2025-24677 concerns WPSpins Post/Page Copying Tool (WordPress plugin). Connected sources confirm an Improper Control of Generation of Code leading to Remote Code Execution (RCE) for Post/Page Copying Tool versions 0 through 2.0.3. Attack requires authenticated/Contributor+ context (per CVSS d...
CVE-2022-24677
creationtimestamp | type | source
---|---|---
2022-02-09 02:12:19+00:00 | seen | https://t.me/cibsecurity/37041...
CVE-2022-24677
Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...
CVE-2022-24677
CVE-2022-24677 affects HYBBS2 up to version 2.3.2. Admin.php writes plugin-related configuration information to conf.php, enabling remote code execution. The vulnerability is triggered on the Admin.php page and has been characterized with high/severe impact (NVD CVSS v3.1: 9.8, CRITICAL; v2: 7.5,...
CVE-2021-24677
creationtimestamp | type | source
---|---|---
2021-10-18 18:32:16+00:00 | seen | https://t.me/cibsecurity/30711...
CVE-2021-24677
The CVE concerns the WordPress plugin Find My Blocks prior to version 3.4.0, where the REST API lacks authorization checks. This allows unauthenticated users to enumerate titles of private posts via the plugin’s REST endpoints (e.g., private post title disclosure). Impact is limited to affected s...
CVE-2021-24677 Find My Blocks < 3.4.0 - Private Post Titles Disclosure
The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles...