Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/06/08 2:51 p.m.9 views

CVE-2026-46656 Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...

8.8CVSS5.4AI score0.00294EPSS
Exploits0References3
OSV
OSV
added 2026/02/09 7:15 p.m.7 views

UBUNTU-CVE-2026-24675

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface. This vulnerability is fixed in 3.22.0...

8.7CVSS5.9AI score0.00467EPSS
Exploits0References4
OSV
OSV
added 2026/02/09 7:15 p.m.4 views

UBUNTU-CVE-2026-24678

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecamchannelwrite. This vulnerability is fixed in 3.22.0...

8.7CVSS5.8AI score0.00628EPSS
Exploits0References4
OSV
OSV
added 2026/02/09 7:15 p.m.4 views

UBUNTU-CVE-2026-24679

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface. This vulnerability is fixed in 3.22.0...

9.1CVSS5.8AI score0.00489EPSS
Exploits0References4
CVE
CVE
added 2026/02/09 6:22 p.m.46 views

CVE-2026-24683

FreeRDP vulnerability CVE-2026-24683 affects the FreeRDP Remote Desktop Protocol implementation where ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization. A concurrent channel close can free or reinitialize the callback, leading to a use-a...

8.7CVSS5.5AI score0.00467EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/09 6:19 p.m.7 views

CVE-2026-24680

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdlPointerNew frees data on failure, then pointerfree calls sdlPointerFree and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0...

8.7CVSS5.6AI score0.00423EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder