CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.8CVSS5.8AI score0.00012EPSS

SUSE CVE-2026-50256

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

SUSE CVE-2026-50257

A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence. A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection...

7.8CVSS5.8AI score0.00012EPSS

SUSE CVE-2026-50258

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel XkbNumKbdGroups but CheckKeyTypes does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift...

7.8CVSS6AI score0.00012EPSS

SUSE CVE-2026-50259

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. XkbSetMapChecks declares a fixed-size stack buffer mapWidths256 indexed by key type index. The helper function CheckKeyTypes writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This...

SUSE CVE-2026-50260

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter. A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for...

SUSE CVE-2026-50261

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

5.5CVSS5.4AI score0.00012EPSS

SUSE CVE-2026-50262

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in glXDispChangeDrawableAttributes. A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapp...

5.5CVSS5.4AI score0.00012EPSS

SUSE CVE-2026-50263

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow. A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure...

SUSE CVE-2026-50264

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

Tenable Nessus•added 2 days ago•3 views

FreeBSD : xorg-server -- Multiple vulnerabilities (592ced15-5e20-11f1-86a2-589cfc10a551)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 592ced15-5e20-11f1-86a2-589cfc10a551 advisory. X.Org project reports: Multiple issues have been found in the X server and Xwayland...

7.8CVSS5.6AI score0.00012EPSS

Exploits0References12

Tenable Nessus•added 2 days ago•4 views

FreeBSD : xwayland -- Multiple vulnerabilities (36cb0ced-5e23-11f1-86a2-589cfc10a551)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 36cb0ced-5e23-11f1-86a2-589cfc10a551 advisory. X.Org project reports: Multiple issues have been found in the X server and Xwayland...

7.8CVSS5.6AI score0.00012EPSS

Exploits0References12

Tenable Nessus•added 2 days ago•5 views

RHEL 8 : tigervnc (RHSA-2026:23254)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23254 advisory. Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine...

Tenable Nessus•added 2 days ago•5 views

RHEL 9 : tigervnc (RHSA-2026:22424)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22424 advisory. Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine...

Tenable Nessus•added 2 days ago•5 views

RHEL 8 : tigervnc (RHSA-2026:23255)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23255 advisory. Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine...

Tenable Nessus•added 2 days ago•4 views

RHEL 6 : tigervnc (RHSA-2026:23496)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23496 advisory. Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine...