Lucene search
K

4036 matches found

NVD
NVD
added 6 days ago6 views

CVE-2026-57156

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...

9.8CVSS0.00698EPSS
Exploits1References4
Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-57156 FreeRDP: Integer overflow leading to heap buffer overflow in Orders Delta Points parsing

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...

8.6CVSS0.00698EPSS
Exploits1References4
OSV
OSV
added 6 days ago4 views

CVE-2026-57156 FreeRDP: Integer overflow leading to heap buffer overflow in Orders Delta Points parsing

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...

8.6CVSS6.2AI score0.00698EPSS
Exploits1References6
CVE
CVE
added 6 days ago20 views

CVE-2026-57156

FreeRDP (32-bit builds) before version 3.28.0 is affected by an integer overflow in update_read_delta_points (libfreerdp/core/orders.c) when multiplying attacker-controlled point count by sizeof(DELTA_POINT). This can cause the allocation of an undersized heap buffer, allowing a malicious RDP pee...

9.8CVSS6.2AI score0.00698EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/06/30 7:16 a.m.30 views

CVE-2026-12819

Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions...

9.3CVSS0.0031EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 7:16 a.m.15 views

CVE-2026-12818

Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling CWE-770 within their Modbus TCP service...

9.3CVSS0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 6:28 a.m.10 views

EUVD-2026-40258

Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions...

9.3CVSS5.8AI score0.0031EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 6:28 a.m.28 views

CVE-2026-12819

CVE-2026-12819 affects the Delta Electronics DVP12SE PLC. The issue is exposure of a Modbus TCP service on a specified port without authentication or access control, allowing unauthenticated interaction with security‑sensitive PLC functions. The CVSS metrics indicate high impact on confidentialit...

9.3CVSS5.8AI score0.0031EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 6:24 a.m.34 views

CVE-2026-12818

Delta Electronics DVP12SE PLCs are affected by a resource allocation vulnerability (CWE-770) in the Modbus TCP service. The issue entails unbounded resource usage due to lack of limits or throttling. CVSS data from the NVD indicates a CRITICAL severity with network attack vector, no privileges, a...

9.3CVSS5.8AI score0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 6:24 a.m.8 views

EUVD-2026-40257

Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling CWE-770 within their Modbus TCP service...

9.3CVSS5.8AI score0.0031EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 8:17 p.m.8 views

CVE-2026-54889

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS0.0031EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 7:10 p.m.26 views

CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS0.0031EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 7:10 p.m.5 views

EEF-CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)

Summary Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':to\delta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':default\convert\node/3...

5.1CVSS5.7AI score0.0031EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 7:10 p.m.4 views

CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS5.9AI score0.0031EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/29 7:10 p.m.7 views

CVE-2026-54889

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS5.7AI score0.0031EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/29 7:10 p.m.11 views

CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS5.7AI score0.0031EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 7:10 p.m.18 views

CVE-2026-54889

Summary: CVE-2026-54889 security issue in Elixir.MDEx.mdex Delta conversion path allows XSS via unsanitized URL schemes in Quill Delta output. The vulnerability arises when Elixir.MDEx.DeltaConverter.default_convert_node/3 copies the URL from link, wikilink, or image nodes into the Delta attribut...

5.1CVSS5.7AI score0.0031EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-385 Remote code execution in pytorch lightning

A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

9.8CVSS8AI score0.26488EPSS
Exploits3References8
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-327 DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more

Summary Python class pollution is a novel vulnerability categorized under CWE-915. The Delta class is vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it can lead to Denial of Service and Remote Code Execution via insecure Pickle...

10CVSS6.6AI score0.01056EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.16 views

PT-2026-53687

Name of the Vulnerable Software and Affected Versions leandrocp mdex versions 0.8.3 through 0.13.1 Description Improper neutralization of input during web page generation allows cross-site scripting XSS via unsanitized URL schemes in Quill Delta output. The function to delta/2 converts Markdown...

5.1CVSS5.9AI score0.0031EPSS
Exploits0References7
Rows per page
Query Builder