118 matches found
Astra Linux - уязвимость в freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the RDPSND async playback thread could process queued PDUs after the channel was closed and its internal state was freed, resulting in a use after free in rdpsndtreatwave. This vulnerability has been fixed i...
CVE-2026-42047
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the...
Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods
Summary A vulnerability in the Inngest TypeScript SDK versions 3.22.0 through 3.53.1 allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve HTTP handler. The serve handler implements GET, POST, and PUT methods. Requests using PATCH, OPTIONS...
PT-2026-37248
Name of the Vulnerable Software and Affected Versions Inngest versions 3.22.0 through 3.53.1 Description Unauthenticated remote attackers can exfiltrate environment variables from the host process via the 'serve' HTTP handler. While the 'serve' handler implements GET, POST, and PUT methods,...
Astra Linux - уязвимость в freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the sdlPointerNew function freed memory upon failure. However, after that function called pointerfree, it would call sdlPointerFree to free the memory again, triggering a Universal Address Fault UAF in ASan...
Astra Linux - уязвимость в freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the URBDRC client used server-supplied interface numbers as array indices without bounds checks, resulting in a out-of-bounds read in libusbudevselectinterface. This vulnerability has been fixed in version...
Astra Linux - уязвимость в freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecamchannelwrite. This vulnerability is fixed in 3.22.0...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010675)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010675 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010672)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010672 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urbselectinterface can free the device's MS config on error but later code still...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010674)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010674 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010676)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010676 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, videotimer can send client notifications after the control channel is closed,...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010664)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010664 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is close...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007201)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007201 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007202)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007202 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. ainputsendinputevent caches channelcallback in a local variable and later uses it without...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007208)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007208 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audinserverrecvformats frees an incorrect number of audio formats on parse failure ...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007195)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007195 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urbselectinterface can free the device's MS config on error but later code still...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007188)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007188 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBD...
CVE-2026-35052
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...
CVE-2026-35052
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...
CVE-2026-35052 D-Tale affected by Remote Code Execution through redis/shelf storage
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...