PT-2026-23722

Name of the Vulnerable Software and Affected Versions CoreDNS versions prior to 1.14.2 Description CoreDNS is a DNS server that utilizes chained plugins. A denial of service condition exists in the loop detection plugin due to a predictable pseudo-random number generator PRNG used for generating ...

GHSA-XXH7-FCF3-RJ7F The Eclipse Jetty Server Artifact has a Gzip request memory leak

Description as reported There is a memory leak when using GzipHandler in jetty-12.0.30 that can cause off-heap OOMs. This can be used for DoS attacks so I'm reporting this as a vulnerability. The leak is created by requests where the request is inflated Content-Encoding: gzip and the response is...

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +432 more potentially affected by CVE-2026-28277 via langgraph (>=0.1.15 <=1.0.10)

langgraph PYPI version =0.1.15, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.0.1, =2.1.7, =0.0.2, =0.0.1, =0.1.1, =0.1.2, =0.0.4, =0.5.5 and more Source cves: CVE-2026-28277 Source advisory: OSV:PYSEC-2026-83...

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

EUVD-2026-9827

Cross-Site Request Forgery CSRF vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, FFI bridge modules allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...

CVE-2026-30797

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, config import modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...

CVE-2026-30793

Cross-Site Request Forgery CSRF vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, FFI bridge modules allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...

CVE-2026-30784

...

CVE-2026-30797 RustDesk rustdesk://config/ URI Silently Re-homes Client to Attacker-Controlled Server

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, config import modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...

CVE-2026-30797

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, config import modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...

CVE-2026-30797

CVE-2026-30797 describes a Missing Authorization vulnerability in the RustDesk Client (rustdesk-client) across Windows, macOS, Linux, iOS, and Android. The issue involves the Flutter URI scheme handler and config import modules, permitting Application API Message Manipulation via Man-in-the-Middl...

CVE-2026-30793 RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Confirmation

Cross-Site Request Forgery CSRF vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, FFI bridge modules allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...

CVE-2026-30793

The CVE-2026-30793 entry concerns RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules). A Cross-Site Request Forgery (CSRF) vulnerability affects the client via rustdesk://password/ flows and related program routines (flutter/li...

CVE-2026-30791

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...

CVE-2026-30791

CVE-2026-30791 affects RustDesk Client up to version 1.4.5 across Windows, macOS, Linux, iOS, Android, and WebClient. The issue stems from use of a broken or risky cryptographic algorithm in config import, URI scheme handler, and CLI --config modules, enabling retrieval of embedded sensitive data...

CVE-2026-30791 RustDesk Client Accepts Pseudo-Encrypted Config Strings Without Cryptographic Validation

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...

SUSE CVE-2026-28434

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via setexceptionhandler, the library catches the exception and writes its message...

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

EUVD-2026-9474

opennextjs-cloudflare has SSRF vulnerability via /cdn-cgi/ path normalization bypass...

opennextjs-cloudflare has SSRF vulnerability via /cdn-cgi/ path normalization bypass

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler. The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...