11736 matches found
CVE-2026-30785
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution', Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbbcommon on Windows, MacOS, Linux Password security module, config encryption, machine U...
CVE-2026-30785 RustDesk Encrypts Local Passwords with World-Readable Machine ID and Fixed Zero Nonce (XSalsa20-Poly1305)
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution', Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbbcommon on Windows, MacOS, Linux Password security module, config encryption, machine U...
CVE-2026-30785
RustDesk Client (through version 1.4.5) is affected by CVE-2026-30785 due to a vulnerability described as Prototype Pollution and weak password hashing in the password_security, config, and machine-uid-related code paths (hbb_common and related modules). The issue can allow Retrieve Embedded Sens...
vulnhub-machines-writeups
vulnhub-machines-writeups Collec...
Agentgateway is missing parameter sanitization in MCP to OpenAPI conversion
Summary: When converting MCP tools/call request to OpenAPI request, input path, query, and header values are not sanitized. Details: When using the MCP to OpenAPI feature, the proxy lacks proper sanitization of input parameters in the MCP call, allowing: Injection of additional path or query...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005635)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005635 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Use an u64 for bankmap The maximum number of MCA banks is 64 MAXNRBANKS, see...
CVE-2026-0847
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...
CVE-2026-23811
A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable...
CVE-2025-47378
Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain...
PT-2026-22945
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A flaw exists in the client isolation mechanism that could allow an attacker to circumvent Layer 2 (L2) communication limitations between clients, potentially redirecting traffic at Layer 3 (L3)...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005478)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005478 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer ACPICA commit...
CVE-2024-55025
Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system...
MAL-2026-1182 Malicious code in bigmathutils-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c792a1951ba6e4b2e2f4e8b067b8be850400fbc0f20e89af56336fffd56b2522 The package bigmathutils-v2 was found to contain malicious code. Source: ghsa-malware cd02bf555ca1d0393411bacd3b44a82ab4c6726b7510274bcdca34126958da6...
MAL-2026-1181 Malicious code in webnochs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0860fbeb548c9d3b4715f96f79662f1dc2bd03a179268a2aba3dd907a7fa7a1b The package webnochs was found to contain malicious code. Source: ghsa-malware 254c459dafb2f3949b0e8cf6c70e4faa60aa14c46866879b8e80185bf07d89c8 Any...
MAL-2026-1162 Malicious code in xpack-test-3.0 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4fcebf35e85158afa53ce21da1265a4c3acac20914c4c76285d9043ac3a2d62 The package xpack-test-3.0 was found to contain malicious code. Source: ghsa-malware 825d559cd29d6d2efd0f89583e84f31a7b471bfbc3376252e71872d8f9863d87...
Weintek cMT-3072XH2 easyweb security vulnerability
Weintek cMT-3072XH2 easyweb is an intelligent human-machine interaction interface developed by Weintek Company in Taiwan, China. The version v2.1.53 of Weintek cMT-3072XH2 easyweb contains a security vulnerability. This vulnerability stems from improper access control in the VNC component, which...