52662 matches found
CVE-2026-39118
Kandji Agent from Iru, Inc. (pre-4.7.5(5374)) contains a local privilege-escalation flaw driven by a client-validation gap that allows a local attacker to invoke restricted agent functionality. The CVSS metrics indicate HIGH impact across confidentiality, integrity, and availability with LOCAL at...
PT-2026-49301
Name of the Vulnerable Software and Affected Versions Kandji Agent versions prior to 4.7.55374 Description A client validation gap in the software allows a local attacker to escalate privileges and invoke restricted agent functionality. Recommendations Update to version 4.7.55374 or later...
CVE-2026-45389
In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...
PT-2026-49246
Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...
CVE-2026-39118
An issue in Iru, Inc Kandji Agent before v.4.7.55374 allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality...
CVE-2026-45389
Summary (OCaml-TLS CVE-2026-45389): OCaml-TLS versions before 2.1.0 fail to properly validate KeyUsage and ExtendedKeyUsage on client certificates during mutual TLS, allowing impersonation with certificates intended for server authentication. The issue arises in the server-side certificate valida...
CVE-2026-45389
In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...
ROS-20260615-73-0011
The vulnerability of the planardecompressplanerle function in the FreeRDP RDP client is related to data writing beyond the specified buffer. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
ROS-20260615-73-0043
The vulnerabilities of the functions kerberosAcceptSecurityContext and kerberosInitializeSecurityContextA in the FreeRDP client are related to a memory reclamation error. Exploiting these vulnerabilities could allow an attacker to compromise the accessibility of protected information...
ROS-20260615-73-0041
The vulnerability of the yuvensurebuffer function in the RDP client FreeRDP is related to incorrect calculations of the size of the buffer allocated. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted NAL packets...
ROS-20260615-73-0009
The vulnerability of the RDP client FreeRDP is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
ROS-20260615-73-0015
The vulnerability of the gdiSurfaceCommandClearCodec function in the RDP client FreeRDP is caused by a buffer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
ROS-20260615-73-0016
The vulnerability of the gdiSurfaceCommandClearCodec function in the RDP client FreeRDP is caused by a buffer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
PT-2026-49594
Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description Payload resources are not closed correctly when a client disconnects during a write operation. If a payload utilizes an open file or other limited resources, an attacker can cause temporary resource...
PT-2026-49186
The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...
ROS-20260615-73-0030
The vulnerability of the bitmapcacheput function in the FreeRDP client involves writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
ROS-20260615-73-0007
The vulnerability of the StreamEnsureCapacity function in the RDP client FreeRDP is caused by a numerical overflow condition. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service failures...
ROS-20260615-73-0026
The vulnerabilities of the functions xfSetWindowMinMaxInfo and xfrailgetwindow in the RDP client FreeRDP are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protecte...
ROS-20260615-73-0038
The vulnerability of the progressivedecompresstileupgrade function in the RDP client FreeRDP is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to cause service failure...
CVE-2026-54412
LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqttunpackpublishresponse function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...