23045 matches found
UBUNTU-CVE-2026-24676
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leading to a use after free in audio_format_compatible. This vulnerability is fixed in 3.22.0...
CVE-2026-24676 FreeRDP has a heap-use-after-free in audio_format_compatible
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leading to a use after free in audio_format_compatible. This vulnerability is fixed in 3.22.0...
CVE-2026-24676
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leading to a use after free in audio_format_compatible. This vulnerability is fixed in 3.22.0...
CVE-2026-24676
CVE-2026-24676 affects FreeRDP, a free implementation of the Remote Desktop Protocol. Before version 3.22.0, the AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, causing a use-after-free in audio_format_compatible. This is a cli...
CLSA-2025-1766232351 libarchive: Fix of 3 CVEs
CVE-2025-5916: fix signed integer overflow in WARC format reader - CVE-2025-5917: fix buffer overflow in build_ustar_entry for PAX format - CVE-2025-5918: prevent skipping past EOF in archive file reading...
Samsung QuramDng Warp Out-Of-Bounds Read
This Python proof of concept demonstrates an out-of-bounds read vulnerability in Samsung's QuramDng image processing library, triggered via a specially crafted DNG (Digital Negative) file. The script programmatically builds a minimal but valid DNG file containing a malformed WarpRectilinear opcode,...
FreeRDP Security Vulnerability
FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.22.0 contained security vulnerabilities. These vulnerabilities stemmed from the failure of audin_server_recv_formats to parse audio formats correctly, leading to the release of an...
PT-2026-7179
Name of the Vulnerable Software and Affected Versions: PowerDocu versions prior to 2.4.0. Description: PowerDocu, a Windows GUI executable for technical documentation, has a security issue in its JSON parsing process within Flow or App packages. The application incorrectly trusts the $type property ...
CIC-Trap4Phish: A Unified Multi-Format Dataset for Phishing and Quishing Attachment Detection
Phishing attacks represent one of the primary attack methods used by cyber attackers. In many cases, attackers use deceptive emails along with malicious attachments to trick users into giving away sensitive information or installing malware while compromising entire systems. The...
UBUNTU-CVE-2026-25636
calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to...
AZL-77091 CVE-2026-25727 affecting package rust 1.90.0-4
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...
AZL-77034 CVE-2026-25727 affecting package rust 1.72.0-14
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...
CVE-2026-25727
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...
UBUNTU-CVE-2026-25727
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...
EUVD-2026-5587
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...
CVE-2026-25727 time affected by a stack exhaustion denial of service attack
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...
EUVD-2026-5682
Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector and information disclosure...
CVE-2026-0521 Reflected Cross-Site Scripting in PDF Export Error Message
A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL that, if visited by a victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through...