Lucene search
K

18081 matches found

Cvelist
Cvelist
added 2026/06/15 11:55 p.m.29 views

CVE-2026-12161

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...

0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.8 views

CVE-2026-48124

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...

8.5CVSS0.00144EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/15 8:20 p.m.11 views

Buffer Overflow

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Buffer Overflow in the Buffer API. An attacker can cause application crashes or trigger incorrect memory allocations by...

9.8CVSS5.9AI score0.00253EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/06/15 8:17 p.m.13 views

Inside a malicious infrastructure delivering EtherRAT, phishing pages, and malicious software

During our recent threat hunting activities, we found EtherRAT malware being distributed by a website with a strange homepage. This homepage allowed us to discover a vast malicious infrastructure distributing malware, malicious documents, remote desktop software, and phishing pages. EtherRAT is a...

6.6AI score
Exploits0
Cvelist
Cvelist
added 2026/06/15 7:56 p.m.29 views

CVE-2026-48124 Cursor Desktop sandbox escape via Claude hook configuration

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...

8.5CVSS0.00144EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/15 7:15 p.m.7 views

CVE-2026-52720

A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...

8.8CVSS6.2AI score0.00489EPSS
Exploits0
NVD
NVD
added 2026/06/15 4:16 p.m.10 views

CVE-2026-8683

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS0.00199EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.10 views

CVE-2026-6517

Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...

7.7CVSS0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 2:6 p.m.11 views

EUVD-2026-36732

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS5.2AI score0.00199EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 2:6 p.m.34 views

CVE-2026-8683 Overly long URLs crash the Mattermost Desktop App

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 2:6 p.m.8 views

CVE-2026-8683 Overly long URLs crash the Mattermost Desktop App

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS5.3AI score0.00199EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 2:6 p.m.16 views

CVE-2026-8683

Mattermost Desktop App

6.5CVSS5.2AI score0.00199EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/15 1:55 p.m.38 views

CVE-2026-6517 Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed

Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...

6.3CVSS0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 1:55 p.m.15 views

EUVD-2026-36725

Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...

6.3CVSS5.3AI score0.00187EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 1:55 p.m.10 views

CVE-2026-6517 Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed

Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...

6.3CVSS5.2AI score0.00187EPSS
Exploits0References1
Redos
Redos
added 2026/06/15 12:0 a.m.7 views

ROS-20260615-73-0037

The vulnerability of the RDP client FreeRDP is related to the lack of use of the assert function. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

6.9CVSS4.8AI score0.00256EPSS
Exploits1
Redos
Redos
added 2026/06/15 12:0 a.m.10 views

ROS-20260615-73-0029

The vulnerability of the xfclipboardformatequal function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

9.8CVSS8.3AI score0.00567EPSS
Exploits1
Redos
Redos
added 2026/06/15 12:0 a.m.7 views

ROS-20260615-73-0027

The vulnerability of the avc420yuvtorgb function in the RDP client FreeRDP is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

8.2CVSS4.9AI score0.00323EPSS
Exploits1
Redos
Redos
added 2026/06/15 12:0 a.m.9 views

ROS-20260615-73-0031

The vulnerability of the updatereadcachebitmaporder function in the RDP client FreeRDP is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to cause service failure...

3.1CVSS4.8AI score0.00175EPSS
Exploits0
Redos
Redos
added 2026/06/15 12:0 a.m.10 views

ROS-20260615-73-0015

The vulnerability of the gdiSurfaceCommandClearCodec function in the RDP client FreeRDP is caused by a buffer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

8.8CVSS8.3AI score0.00537EPSS
Exploits1
Rows per page
Query Builder