CVE-2026-26965

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, planardecompressplanerle writes into pDstData at nYDst+y nDstStep + 4nXDst + nChannel without verifying that nYDst+nSrcHeight fits in the destination height or that...

CVE-2026-26965

CVE-2026-26965 affects FreeRDP: a heap out-of-bounds write in the RLE planar decode path (planar_decompress_plane_rle) writes beyond destination bounds when TempFormat != DstFormat, risking an attacker-controlled offset and pixel data. The write can corrupt adjacent memory (NSC_CONTEXT.decode poi...

SUSE SLED15 / SLES15 Security Update : cJSON (SUSE-SU-2025:03520-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03520-1 advisory. - CVE-2023-26819: Allocate memory for the temporary buffer when paring numbers bsc1241502 - CVE-2025-57052: F...

CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

PT-2025-35723

Name of the Vulnerable Software and Affected Versions cJSON versions 1.5.0 through 1.7.18 Description cJSON versions 1.5.0 through 1.7.18 contain an out-of-bounds access issue within the decode array index from pointer function located in cJSON Utils.c. This allows attackers to bypass array bound...