freerdp security update

2.1.1-5.0.5 - Fixed CVE-2026-26955 CVE-2026-26956 Orabug: 39189643 2:2.2.0-5.0.3 - Fixed CVE-2026-22855 CVE-2026-22858 CVE-2026-22859 Orabug: 39075086 2:2.2.0-5.0.1 - fixed CVE-2026-23530 CVE-2026-23531 CVE-2026-23532 CVE-2026-23533 CVE-2026-23884 Orabug: 38971897 2:2.2.0-5 - Update: Refactored R...

CVE-2026-26956

creationtimestamp| type| source ---|---|--- 2026-05-04 18:28:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml2cftc6av2t 2026-05-04 18:28:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml2cgqpign2g 2026-05-05 17:10:29+00:00| seen|...

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-26956 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +18 more potentially affected by CVE-2026-26956 via vm2 (>=3.0.0 <=3.10.4)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =0.1.0, =1.0.0-beta.1, =1.1.0, =0.2.0, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.68.29 and more Source cves: CVE-2026-26956 Source advisory: SNYK:JS-VM2-16419531...

CVE-2026-26956

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...

CVE-2026-26956

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...

CVE-2021-26956

An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value...

CVE-2025-26956

Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through 3.2.1...

CVE-2025-26956

creationtimestamp| type| source ---|---|--- 2025-03-27 22:36:50+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/9240 2025-03-28 01:01:18+00:00| seen| https://t.me/cvedetector/21351...

CVE-2025-26956

Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through 3.2.1...

CVE-2025-26956

Summary (fact-grounded) : CVE-2025-26873 affects the Travel Booking WordPress Theme (Traveler) up to version 3.1.8. It is categorized as an Unauthenticated PHP Object Injection vulnerability due to a missing authorization check. The vulnerability is listed as Patched/Unpatched ? The connected doc...

CVE-2025-26956 WordPress Traveler theme < 3.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through 3.2.1...

CVE-2025-26956 WordPress Traveler theme < 3.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through 3.2.1...

Amazon Linux 2 : kernel, --advisory ALAS2-2024-2615 (ALAS-2024-2615)

The version of kernel installed on the remote host is prior to 4.14.345-262.561. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2615 advisory. In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars...

CVE-2023-26956

creationtimestamp| type| source ---|---|--- 2023-03-08 22:24:04+00:00| seen| https://t.me/cibsecurity/59691 2025-03-06 02:17:22+00:00| seen| Telegram/kC4HNoU7E2pZdsNP5EKqND2N6SEjNMywCXQBdkKdrUDTR1vd...

CVE-2023-26956

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code...

AsgoreCore (>=0.1.0 <=0.1.2), RustyBox (=0.1.0) +424 more potentially affected by CVE-2021-26955 +3 more via xcb (>=0.10.1 <=0.9.0)

xcb CARGO version =0.10.1, =0.1.0, =0.1.0, =0.4.0, =0.1.0, =1.0.9, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: CVE-2021-26955, CVE-2021-26956, CVE-2021-26957, CVE-2021-26958 Source advisory: OSV:GHSA-MP6R-FGW2-RXFX...

AsgoreCore (>=0.1.0 <=0.1.2), RustyBox (=0.1.0) +424 more potentially affected by CVE-2021-26955 +3 more via xcb (>=0.10.1 <=0.9.0)

xcb CARGO version =0.10.1, =0.1.0, =0.1.0, =0.4.0, =0.1.0, =1.0.9, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: CVE-2021-26955, CVE-2021-26956, CVE-2021-26957, CVE-2021-26958 Source advisory: OSV:GHSA-3CJ3-JRRP-9RXF...

SUSE: Security Advisory (SUSE-SU-2020:3383-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:14548-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...