CVE-2026-33516

CVE-2026-33516 affects xrdp (open source RDP server). Versions up to 0.10.5 contain an out-of-bounds read during the RDP capability exchange, triggered when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can exploit this by sending a crafted C...

EUVD-2026-23515

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

CVE-2026-33516

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

CVE-2026-33516 xrdp: Pre-authentication out-of-bounds reads in RDP capability and channel parsers

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

CVE-2026-33516

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

OESA-2026-1929 libcap security update

This is a library for getting and setting POSIX.1e formerly POSIX 6 draft 15 capabilities. Security Fixes: A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access t...

CVE-2026-6451

The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehiclescfmwdvehicle, contactscfmwdcontact, supplierscfmwdsupplier,...

EUVD-2026-23358

The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubiorestpreinsertimportassets function, which is hooked to the restpreinsertposttype filter for posts, pages, templates, and template...

CVE-2026-5427

The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubiorestpreinsertimportassets function, which is hooked to the restpreinsertposttype filter for posts, pages, templates, and template...

CVE-2026-3488

The WP Statistics plugin for WordPress (vulnerable up to 14.16.4) suffers Missing Authorization due to missing capability checks on multiple AJAX handlers (wp_statistics_get_filters, wp_statistics_getPrivacyStatus, wp_statistics_updatePrivacyStatus, wp_statistics_dismiss_notices). These endpoints...

xrdp 安全漏洞

XRDPT is an open-source remote desktop protocol server developed by Neutrinolabs. Versions of XRDPT prior to 0.10.5 contain security vulnerabilities. These vulnerabilities stem from out-of-bound reads during the RDP capability exchange phase, which may lead to denial of service or the disclosure ...

WordPress plugin Kubio 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-33404

The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubio rest pre insert import assets function, which is hooked to the rest pre insert post type filter for posts, pages, templates, and...

PT-2026-33501

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

A Practical Semi-Quantum Signature Protocol with Improved Eavesdropping Detection

Semi-quantum signature SQS schemes aim to enable quantum signature functionality in scenarios where only a subset of participants possess full quantum capabilities, thereby improving practical deployability while preserving quantum security advantages. Within this framework, we present a practica...

PT-2026-33535

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sys int syscall familly. Prior to version 0.4.7, this can lead to DoS and...

ROS-20260417-73-0041

Vulnerability in zabbix7-lts related to providing a data element for an erroneous session. Exploitation of the vulnerability could allow an attacker to escalate his privileges...

EUVD-2026-23201

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultpshareCountcallback function in all versions up to, and including, 5.0.5. This makes it possible for...

CVE-2026-0718

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultpshareCountcallback function in all versions up to, and including, 5.0.5. This makes it possible for...

CVE-2026-0718 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.5 - Missing Authorization to Limited Post Meta Modification

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultpshareCountcallback function in all versions up to, and including, 5.0.5. This makes it possible for...