
22139 matches found

CVE
added 2026/03/05 3:21 p.m. | 31 views

CVE-2026-30793

The CVE-2026-30793 entry concerns RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules). A Cross-Site Request Forgery (CSRF) vulnerability affects the client via rustdesk://password/ flows and related program routines (flutter/li...

CVSS 9.8 | AI score 5.9 | EPSS 0.00306
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2026/03/05 3:16 p.m. | 6 views

CVE-2026-30791

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...

CVSS 7.5 | AI score 5.9
Exploits: 0 | References: 3
CVE
added 2026/03/05 2:47 p.m. | 25 views

CVE-2026-30791

CVE-2026-30791 affects RustDesk Client up to version 1.4.5 across Windows, macOS, Linux, iOS, Android, and WebClient. The issue stems from use of a broken or risky cryptographic algorithm in config import, URI scheme handler, and CLI --config modules, enabling retrieval of embedded sensitive data...

CVSS 8.7 | AI score 5.9 | EPSS 0.0024
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2026/03/05 2:47 p.m. | 40 views

CVE-2026-30791 RustDesk Client Accepts Pseudo-Encrypted Config Strings Without Cryptographic Validation

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...

CVSS 8.7 | EPSS 0.0024
Exploits: 1 | References: 3
SUSE CVE
added 2026/03/05 1:55 p.m. | 2 views

SUSE CVE-2026-28434

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler, the library catches the exception and writes its message...

CVSS 5.3 | AI score 5.6 | EPSS 0.003
Exploits: 1 | References: 4
RedHat Linux
added 2026/03/05 1:32 p.m. | 3 views

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

CVSS 6.9 | AI score 5.7 | EPSS 0.00343
Exploits: 1 | References: 5
EUVD
added 2026/03/05 12:57 a.m. | 10 views

EUVD-2026-9474

opennextjs-cloudflare has SSRF vulnerability via /cdn-cgi/ path normalization bypass...

CVSS 9.1 | AI score 5.9 | EPSS 0.00832
Exploits: 0 | References: 7
Github Security Blog
added 2026/03/05 12:57 a.m. | 18 views

opennextjs-cloudflare has SSRF vulnerability via /cdn-cgi/ path normalization bypass

A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler. The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...

CVSS 7.7 | AI score 6 | EPSS 0.00363
Exploits: 0 | References: 8 | Affected Software: 1
Positive Technologies
added 2026/03/05 12:00 a.m. | 6 views

PT-2026-23458

Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, FFI bridge modules allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...

CVSS 9.3 | AI score 5.9 | EPSS 0.00306
Exploits: 1 | References: 3
Positive Technologies
added 2026/03/05 12:00 a.m. | 3 views

PT-2026-23445

Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 12.0.0 through 12.0.31; Eclipse Jetty versions 12.1.0 through 12.1.5. Description: Eclipse Jetty’s GzipHandler class has an issue where a memory leak occurs when processing a compressed HTTP request (Content-Encoding: gzip)...

CVSS 9.8 | AI score 5.8 | EPSS 0.00898
Exploits: 1 | References: 222
CNNVD
added 2026/03/05 12:00 a.m. | 5 views

Eclipse Jetty Security Vulnerability

Eclipse Jetty is an open-source Java-based web server and Java Servlet container developed by the Eclipse Foundation. Versions 12.0.0 to 12.0.31, as well as 12.1.0 to 12.1.5 of Eclipse Jetty, have security vulnerabilities. These vulnerabilities stem from the fact that the GzipHandler does not...

CVSS 7.5 | AI score 5.9 | EPSS 0.00367
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/05 12:00 a.m. | 10 views

PT-2026-23451

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...

CVSS 8.7 | AI score 5.9 | EPSS 0.0024
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/05 12:00 a.m. | 11 views

PT-2026-23462

Name of the Vulnerable Software and Affected Versions: RustDesk Client versions through 1.4.5. Description: A missing authorization issue exists in the RustDesk Client on Windows, MacOS, Linux, iOS, and Android. The issue allows manipulation of Application API Messages via a Man-in-the-Middle attack...

CVSS 9.3 | AI score 5.8 | EPSS 0.00455
Exploits: 1 | References: 9
CVE
added 2026/03/05 12:00 a.m. | 15 views

CVE-2025-70231

Summary: CVE-2025-70231 affects D-Link DIR-513 v1.10, where processing POST requests to /goform/formLogin enters /goform/getAuthCode and fails to filter the FILECODE parameter, causing a path-traversal vulnerability with high impact. The CVSSv3.1 base score is 9.8 (CRITICAL), with network access,...

CVSS 9.8 | AI score 6 | EPSS 0.00664
Exploits: 1 | References: 3 | Affected Software: 1
Snyk
added 2026/03/04 11:24 p.m. | 3 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure via the default exception handling process. An attacker can obtain sensitive internal exception messages by triggering an unhandled exception, causing the server to include the exception message in the EXCEPTION_WHAT...

CVSS 6.9 | AI score 5.8 | EPSS 0.003
Exploits: 1 | References: 2
Snyk
added 2026/03/04 9:20 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: @opennextjs/cloudflare is a Cloudflare builder for next apps. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the cdn-cgi/image/ handler due to improper path normalization. An attacker can cause the server to fetch arbitrary remote URLs and...

CVSS 9.3 | AI score 5.9 | EPSS 0.00363
Exploits: 0 | References: 2
RedhatCVE
added 2026/03/04 7:45 p.m. | 4 views

CVE-2026-3465

A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. This manipulation of the argument cruisetime causes denial of service. Remote exploitation of the attack is possible. The...

CVSS 3.1 | AI score 5.1 | EPSS 0.00288
Exploits: 0 | References: 1
EUVD
added 2026/03/04 7:34 p.m. | 7 views

EUVD-2026-9495

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler, the library catches the exception and writes its message...

CVSS 5.3 | AI score 5.7 | EPSS 0.003
Exploits: 1 | References: 2
ATTACKERKB
added 2026/03/04 7:34 p.m. | 7 views

CVE-2026-28434

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler, the library catches the exception and writes its message...

CVSS 5.3 | AI score 5.7 | EPSS 0.003
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2026/03/04 7:16 p.m. | 6 views

CVE-2026-3125

A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler. The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...

CVSS 7.7 | EPSS 0.00363
Exploits: 0 | References: 4