ANT-2026-HN9XZXJ9 · freerdp · heap

heap-buffer-overflow medium GHSA-mpxh-8fq3-x8mh GHSA-mvpx-xj7r-3p3r GHSA-p6r2-4hgm-m6ff Severity Claude critical · Security research firm medium · Maintainer unknown Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by...

CVE-2026-32853

A flaw was found in LibVNCServer. A malicious VNC server can exploit an improper bounds checking vulnerability in the UltraZip encoding handler, specifically within the HandleUltraZipBPP function. By manipulating subrectangle header counts, an attacker can read beyond the allocated memory buffer...

CVE-2026-32853

LibVNCServer versions 0.9.15 and prior fixed in commit 009008e contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the...

UBUNTU-CVE-2026-32853

LibVNCServer versions 0.9.15 and prior fixed in commit 009008e contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the...

CVE-2026-32853

LibVNCServer versions 0.9.15 and prior fixed in commit 009008e contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the...

CVE-2026-32853

LibVNCServer CVE-2026-32853 affects versions

EUVD-2026-14930

LibVNCServer versions 0.9.15 and prior fixed in commit 009008e contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the...

CVE-2026-32853 LibVNCServer UltraZip Encoding Heap Out-of-bounds Read

LibVNCServer versions 0.9.15 and prior fixed in commit 009008e contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the...

CVE-2026-33211

A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the pathInRepo parameter. This allows the tenant to read arbitrary files from the resolver pod's filesyste...

LibVNCServer 缓冲区错误漏洞

LibVNCServer is a cross-platform C language library developed by LibVNC, which supports implementing VNC Virtual Network Computing server or client functions within programs. Versions of LibVNCServer prior to 0.9.15 contain a buffer error vulnerability. This vulnerability stems from heap...

PT-2026-27460

Name of the Vulnerable Software and Affected Versions LibVNCServer versions prior to commit 009008e LibVNCServer version 0.9.15 Description The software contains a heap out-of-bounds read issue in the UltraZip encoding handler. A malicious VNC server can exploit this to cause information disclosu...

CVE-2026-33211 Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the pathInRepo parameter. A tenant with permissi...

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the processing of gRPC requests received from Envoy when the path contains a query string. An attacker can cause incorrect path handling by sending specially crafted requests with query strings...

EUVD-2026-14415

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores administrative authentication material in the ecospw cookie using a reversible Base64-encoded format with a static suffix. An attacker who obtains or derives this cookie value can forge a valid administrative session and gain...

curl: HTTP/1.1 Response Desynchronization via conflicting CL/TE headers in Proxy CONNECT

Summary: curl fails to prioritize the Transfer-Encoding: chunked header over Content-Length in HTTP/1.1 proxy responses specifically 407/401 auth challenges, violating RFC 9112 Section 6.1. I have identified the root cause in cf-h1-proxy.c. In the response-handling loop around line 466, the code...

CVE-2026-31848

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecospw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid...

CVE-2026-31848 Reversible ecos_pw Cookie Allows Authentication Bypass in Nexxt Nebula 300+

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecospw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid...

CVE-2026-31848

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecospw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid...

CVE-2026-31846 Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+

Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...

Important: Red Hat Security Advisory: libvpx security update

An update for libvpx is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...