CVE-2026-25955
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_AppUpdateWindowFromSurface reuses a cached XImage whose data pointer references a freed RDPGFX surface buffer, because gdi_DeleteSurface frees surface->data without invalidating the appWindow->image that...
CVE-2026-25955 FreeRDP has heap-use-after-free in xf_AppUpdateWindowFromSurface (stale XImage)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_AppUpdateWindowFromSurface reuses a cached XImage whose data pointer references a freed RDPGFX surface buffer, because gdi_DeleteSurface frees surface->data without invalidating the appWindow->image that...
CVE-2026-25953 FreeRDP has heap-use-after-free in xf_AppUpdateWindowFromSurface (freed appWindow)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_AppUpdateWindowFromSurface reads from a freed xfAppWindow because the RDPGFX DVC thread obtains a bare pointer via xf_rail_get_window without any lifetime protection, while the main thread can concurrently...
EUVD-2026-8733
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_AppUpdateWindowFromSurface reads from a freed xfAppWindow because the RDPGFX DVC thread obtains a bare pointer via xf_rail_get_window without any lifetime protection, while the main thread can concurrently...
CVE-2025-14553
Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged...
CVE-2025-14553 Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network
Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged...
Security Bulletin: NVIDIA App - November 2025
NVIDIA has released a software update for NVIDIA App. To protect your system, download and install the latest version of NVIDIA App from the NVIDIA App site. Go to NVIDIA Product Security...
EUVD-2024-52572
Malicious code in bioql PyPI...
EUVD-2023-32617
Malicious code in bioql PyPI...
EUVD-2024-42756
Malicious code in bioql PyPI...
EUVD-2024-42277
Malicious code in bioql PyPI...
Security Bulletin: NVIDIA App - September 2025
NVIDIA has released a software update for NVIDIA App. To protect your system, download and install the latest version of NVIDIA App from the NVIDIA App site. Go to NVIDIA Product Security...
CVE-2024-45045
Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile Android/iOS device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access ...
Security Bulletin: NVIDIA App - April 2025
NVIDIA has released a software update for the NVIDIA App. To protect your system, download and install the latest version of NVIDIA App from the NVIDIA App site. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities that this security update addresses...
CVE-2024-47127
In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the...
Signal to shield user phone numbers by default
Chat app Signal will shield users' phone numbers by default from now on. And, it will no longer be necessary to exchange phone numbers when people want to connect through the app. In November, we reported that Signal was testing usernames to eliminate the need to share your phone number. Signal h...
PT-2023-26411 · Intel · Intel Smart Campus
Name of the Vulnerable Software and Affected Versions: Intel Smart Campus android application versions prior to 9.4 Description: The issue is related to improper access control, which may allow an authenticated user to potentially enable escalation of privilege via local access. Recommendations:...
Meta Set to Enable Default End-to-End Encryption on Messenger by Year End
Meta has once again reaffirmed its plans to roll out support for end-to-end encryption (E2EE) by default for one-to-one friends and family chats on Messenger by the end of the year. As part of that effort, the social media giant said it's upgrading "millions more people's chats" effective August 22...
Medtronic Micro Clinician and InterStim Apps
1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Low attack complexity Vendor: Medtronic Equipment: Micros Clinician A51200 app and InterStim X Clinician A51300 app Vulnerabilities: Unverified Password Change 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the clinician...
VulnCheck KEV: CVE-2023-20963
Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed...