rsync: Rsync: Use-after-free vulnerability in extended attribute handling

A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...

EUVD-2026-36139

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

EUVD-2026-36123

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...

PT-2026-48700

Name of the Vulnerable Software and Affected Versions KanaDojo versions prior to 0.1.18 Description A sandbox escape allows remote code execution with full GitHub Actions runner privileges, including access to the AUTOMATION PR TOKEN variable. The issue occurs in the issue-auto-respond.yml workfl...

Linux Distros Unpatched Vulnerability : CVE-2026-44293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could...

Linux Distros Unpatched Vulnerability : CVE-2025-52293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via...

ROS-20260611-73-0012

The vulnerability of the cleardecompressresidualdata function in the RDP client FreeRDP is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failures...

tmp 输入验证错误漏洞

“tmp” is a temporary file and directory creator developed by KARASZI István as a Node.js tool. Version 0.2.6 of “tmp” contains a vulnerability related to input validation. This vulnerability arises from the “assertPath” guard, which only rejects string values that contain the substring “..”. When...

ROS-20260611-73-0024

The vulnerability of the videotimer function in the implementation of the remote desktop protocol FreeRDP is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

ROS-20260611-73-0023

The vulnerability of the videotimer function in the implementation of the remote desktop protocol FreeRDP is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

ROS-20260611-73-0027

The vulnerability of the ecamencodercompressh264 function in the FreeRDP remote desktop protocol is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data or cause service failures...

ROS-20260611-73-0028

The vulnerability of the ecamencodercompressh264 function in the FreeRDP remote desktop protocol is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data or cause service failures...

ROS-20260611-73-0009

The vulnerability of the cleardecompress function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failures...

ROS-20260611-73-0008

The vulnerability of the gdiSurfaceToSurface function in the RDP client of FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service interruptions...

ROS-20260611-73-0016

The vulnerability of the cleardecompressbandsdata function in the RDP client FreeRDP is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failures...

ROS-20260611-73-0014

The vulnerability of the GlyphAlloc function in the RDP client of FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

ROS-20260611-73-0015

The vulnerability of the cleardecompressbandsdata function in the RDP client FreeRDP is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failures...

ROS-20260611-73-0010

The vulnerability of the cleardecompress function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failures...