4036 matches found
CVE-2026-57156
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...
CVE-2026-57156 FreeRDP: Integer overflow leading to heap buffer overflow in Orders Delta Points parsing
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...
CVE-2026-57156 FreeRDP: Integer overflow leading to heap buffer overflow in Orders Delta Points parsing
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...
CVE-2026-57156
FreeRDP (32-bit builds) before version 3.28.0 is affected by an integer overflow in update_read_delta_points (libfreerdp/core/orders.c) when multiplying attacker-controlled point count by sizeof(DELTA_POINT). This can cause the allocation of an undersized heap buffer, allowing a malicious RDP pee...
CVE-2026-12819
Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions...
CVE-2026-12818
Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling CWE-770 within their Modbus TCP service...
EUVD-2026-40258
Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions...
CVE-2026-12819
CVE-2026-12819 affects the Delta Electronics DVP12SE PLC. The issue is exposure of a Modbus TCP service on a specified port without authentication or access control, allowing unauthenticated interaction with security‑sensitive PLC functions. The CVSS metrics indicate high impact on confidentialit...
CVE-2026-12818
Delta Electronics DVP12SE PLCs are affected by a resource allocation vulnerability (CWE-770) in the Modbus TCP service. The issue entails unbounded resource usage due to lack of limits or throttling. CVSS data from the NVD indicates a CRITICAL severity with network attack vector, no privileges, a...
EUVD-2026-40257
Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling CWE-770 within their Modbus TCP service...
CVE-2026-54889
Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...
CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)
Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...
EEF-CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)
Summary Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':to\delta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':default\convert\node/3...
CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)
Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...
CVE-2026-54889
Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...
CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)
Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...
CVE-2026-54889
Summary: CVE-2026-54889 security issue in Elixir.MDEx.mdex Delta conversion path allows XSS via unsanitized URL schemes in Quill Delta output. The vulnerability arises when Elixir.MDEx.DeltaConverter.default_convert_node/3 copies the URL from link, wikilink, or image nodes into the Delta attribut...
PYSEC-2026-385 Remote code execution in pytorch lightning
A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...
PYSEC-2026-327 DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more
Summary Python class pollution is a novel vulnerability categorized under CWE-915. The Delta class is vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it can lead to Denial of Service and Remote Code Execution via insecure Pickle...
PT-2026-53687
Name of the Vulnerable Software and Affected Versions leandrocp mdex versions 0.8.3 through 0.13.1 Description Improper neutralization of input during web page generation allows cross-site scripting XSS via unsanitized URL schemes in Quill Delta output. The function to delta/2 converts Markdown...