CVE-2024-55025

Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system...

PT-2026-22782

Name of the Vulnerable Software and Affected Versions Weintek cMT-3072XH2 easyweb version 2.1.53, OS version 20231011 Description An access control issue exists in the VNC component. This allows unauthorized attackers to access the HMI system. Recommendations Update to a newer version that...

EUVD-2024-55464

Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system...

CVE-2020-37134

CVE-2020-37134 affects UltraVNC Viewer 1.2.4.0. The vulnerability is a denial-of-service triggered by pasting a malformed 256-byte payload into the VNC Server connection dialog, which crashes the application. The available connected documents corroborate the affected software and the method to re...

EVE's Debug Functions Unlockable Without Triggering Measured Boot

Impact On boot, Pillar checks for /config/GlobalConfig/global.json and overrides system configuration if present. This allows enabling debug functions like SSH debug.enable.ssh, USB keyboard debug.enable.usb, and VNC access app.allow.vnc without triggering the measured boot. Thus, a user with...

MiracleLinux 3 : vnc-4.1.2-9.6AXS3 (AXSA:2009-21:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-21:01 advisory. Virtual Network Computing VNC is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running...

MiracleLinux 3 : vnc-4.1.2-14.1.0.1.AXS3 (AXSA:2010-240:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2010-240:01 advisory. Virtual Network Computing VNC is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is runnin...

MiracleLinux 4 : tigervnc-1.0.90-0.15.20110314svn4359.AXS4.1 (AXSA:2011-641:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-641:01 advisory. Virtual Network Computing VNC is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is runnin...

[SECURITY] Fedora 42 Update: tigervnc-1.15.0-10.fc42

Virtual Network Computing VNC is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you ...

[SECURITY] Fedora 43 Update: tigervnc-1.15.0-10.fc43

Virtual Network Computing VNC is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you ...

Important: qemu

Issue Overview: A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client wi...

Linux Distros Unpatched Vulnerability : CVE-2025-11234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callba...

Qemu-kvm: vnc websocket handshake use-after-free

...

EUVD-2019-10452

Malware in sbrugna...

EUVD-2025-24245

Malicious code in bioql PyPI...

EUVD-2025-32237

Malicious code in bioql PyPI...

CVE-2025-11234

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...

CVE-2025-11234 Qemu-kvm: vnc websocket handshake use-after-free

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...

New Android Banking Trojan "Klopatra" Uses Hidden VNC to Control Infected Smartphones

A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan RAT in late August 2025, sa...

CVE-2025-58435 Open OnDemand didn't rotate password for VNC batch_connect

Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password when TurboVNC was higher than version 3.1.2. The likelihood of exploitation is low as a user would need to share their link to an active desktop...