Lucene search
K

18134 matches found

Nuclei
Nuclei
added 7 hours ago73 views

Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting

Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/comsunwebui/help/helpwindow.jsp windowTitle parameter. id: CVE-2018-19439 info: name: Oracle Secure Global...

6.1CVSS6.4AI score0.20457EPSS
Exploits3References5
RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2026-57156

A flaw was found in FreeRDP clients. A remote attacker, acting as a malicious Remote Desktop Protocol RDP peer, could exploit an integer overflow vulnerability. This overflow occurs when the client processes a specially crafted RDP message, leading to the allocation of an undersized memory buffer...

9.8CVSS6.5AI score0.00528EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-57158

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. FreeRDP clients using the Graphics GFX pipeline are vulnerable to an out-of-bounds read. A malicious RDP server can exploit this by sending a specially crafted, truncated RDPGFXCMDIDWIRETOSURFACE1 planar payloa...

9.1CVSS6AI score0.00528EPSS
Exploits1References7
NVD
NVD
added 4 days ago5 views

CVE-2026-57157

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS0.00522EPSS
Exploits1References6
NVD
NVD
added 4 days ago5 views

CVE-2026-57158

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planardecompressplanerleonly in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...

9.1CVSS0.00528EPSS
Exploits1References4
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43006

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS6.1AI score0.00522EPSS
Exploits1References6
CVE
CVE
added 4 days ago13 views

CVE-2026-57158

FreeRDP (Remote Desktop Protocol client) is affected in versions 3.21.0 through 3.27.x where the GFX pipeline’s planar_decompress_plane_rle_only fix is incomplete, allowing a malicious RDP server to send a truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload that may read one byte past the input...

9.1CVSS6.1AI score0.00528EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-57158 FreeRDP planar_decompress_plane_rle_only: heap OOB read — incomplete fix for CVE-2026-23530

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planardecompressplanerleonly in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...

5.1CVSS0.00528EPSS
Exploits1References4
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43004

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

7.5CVSS6.1AI score0.00452EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 4 days ago6 views

CVE-2026-55827

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

8.8CVSS6.1AI score0.00452EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-55404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can writ...

8.8CVSS6.2AI score0.00554EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-59833

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored...

8.6CVSS5.9AI score0.00388EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 5 days ago5 views

Important: Red Hat Security Advisory: rh-podman-desktop security advisory update

A security advisory update for rh-podman-desktop is now available for Red Hat Enterprise Linux 10. Red Hat build of Podman Desktop is a graphical tool for managing containers using Podman. It allows users to run, manage, and configure containers and container images using a desktop GUI. Most...

8.8CVSS7.6AI score0.00521EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 5 days ago5 views

gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb

A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...

8.8CVSS6.6AI score0.0053EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42435

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS6.3AI score0.0012EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via improper validation of input in the --write-link, --write-url-link,...

9CVSS6.3AI score0.00554EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-10037 Sandbox Escape in Ubuntu OpenJDK Packages via xdg-desktop-portal

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS0.0012EPSS
Exploits0References1
CVE
CVE
added 6 days ago19 views

CVE-2026-10037

CVE-2026-10037 describes a sandbox escape in Ubuntu’s OpenJDK packages. The issue arises from .jar MIME handlers installed by these packages executing files marked as executable when the mailcap package is present. A compromised sandboxed application with access to the OpenURI portal via xdg-desk...

8.8CVSS6.3AI score0.0012EPSS
Exploits0References1
OSV
OSV
added 6 days ago2 views

DEBIAN-CVE-2026-55404

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpageurl or filename metadata without sufficient validation or escaping,...

8.8CVSS6.2AI score0.00554EPSS
Exploits0References1
CVE
CVE
added 6 days ago12 views

CVE-2026-55404

YT-dlp and YouTube-dl before 2026.7.4 expose a vulnerability through --write-link, --write-url-link, and --write-desktop-link that can write .url/.desktop shortcuts using attacker-controlled metadata, enabling file:// URI or desktop entry key injection and potential command execution when opened....

8.8CVSS6AI score0.00554EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder