120629 matches found
RLSA-2026:6918 Important: freerdp security update
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP heap-use-after-free CVE-2026-22856 freerdp: FreeRDP...
freerdp security update
An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...
gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update
An update is available for gstreamer1-plugins-bad-free, gstreamer1-plugins-good, gstreamer1-plugins-base. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStream...
RLSA-2026:6750 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...
RLSA-2026:6915 Important: vim security update
Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure via crafted swap file CVE-2026-28421 vim: Vim: Arbitrary code...
EUVD-2026-20773
MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a...
CVE-2025-70811
Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality...
CVE-2025-70810
Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism...
CVE-2025-70810
Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism...
CVE-2026-30479
A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...
PT-2026-31645
A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...
CVE-2026-30479
A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...
PT-2026-31677
Name of the Vulnerable Software and Affected Versions Hashgraph Guardian versions through 3.5.0 Description Hashgraph Guardian through version 3.5.0 has an unsandboxed JavaScript execution issue in the Custom Logic policy block worker. Authenticated Standard Registry users can execute arbitrary...
CVE-2026-30479
A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...
phpBB 安全漏洞
phpBB is a set of web forum software developed by Ariefibis. Version phpBB 3.3.15 has a security vulnerability, which stems from cross-site request forgery in the login function and authentication mechanism. This vulnerability could allow for the execution of arbitrary code...
OSGeo MapServer 安全漏洞
OSGeo MapServer is an open-source geospatial data publishing and map rendering service developed by OSGeo. Prior to OSGeo MapServer 8.0, there were security vulnerabilities; these vulnerabilities stemmed from dynamic link library injections, which could allow attackers to execute arbitrary code...
PT-2026-31617
Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism...
CVE-2026-30479
CVE-2026-30479 affects OSGeo MapServer, prior to version 8.0. The issue is a Dynamic-link Library (DLL) Injection vulnerability that allows an attacker to execute arbitrary code through a crafted executable. The cited documents consistently describe the vulnerability as enabling arbitrary code ex...
Fleet OS Command Injection Vulnerability
Fleet is Fleet Device Management open source a device management platform that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. An operating system command injection vulnerability exists in Fleet...
Tenda AC6 goform/QuickIndex file buffer overflow vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.05.16. The vulnerability stems from the parameter PPPOEPassword in the file /goform/QuickIndex that fails to properly validate the length and size of the input data...