Linux Distros Unpatched Vulnerability : CVE-2026-44422

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multip...

FreeRDP 安全漏洞

FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions of FreeRDP prior to 3.26.0 contained security vulnerabilities. These vulnerabilities stemmed from malicious RDP servers that could trigger a client heap buffer overflow by sending specially...

PT-2026-43211

Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: 1. CVE-2025-43520 - 📝 A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS...

FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a vulnerability where pixel data from adjacent heap memory is rendered to the screen. This can lead to the disclosure of sensitive data to the attacker...

PT-2026-38362

Name of the Vulnerable Software and Affected Versions Claude Desktop versions 1.2581.0 through 1.4303.0 Description The SSH remote development feature fails to compare the server's presented host key against the stored key, verifying only if the hostname exists in the /.ssh/known hosts file. This...

Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use versions of FreeRDP before 3.5.0 or 2.11.6 are vulnerable to integer overflows and out-of-bounds writes. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, do not use /gfx options for example, deactivate...

Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function gdimultiopaquerect. In particular there is no code to validate if the value...

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

Adobe Photoshop Desktop Out-of-Bounds Read Vulnerability

Adobe Photoshop Desktop is a photo manipulation software from the American company Audobee Adobe. Adobe Photoshop Desktop suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause code execution in the current user's environment...

EUVD-2026-22651

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

KB5082063: Windows Server 2025 Security Update (April 2026)

The remote Windows host is missing security update 5082063. It is, therefore, affected by multiple vulnerabilities - Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. CVE-2026-33824 - Protection mechanism failure in Windows Shell allows an...

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow has been discovered in FreeRDP. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input AUDIN format lists. audinprocessformats reuses callback-formatscount across multiple MSGSNDINFORMATS PDUs...

VulnCheck KEV: CVE-2026-34621

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...

freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap out-of-bounds write vulnerability in the planardecompressplanerle function. This vulnerability allows the server to write past the end of a temporary buffer, potentiall...

CVE-2026-33955

Notesnook: A stored XSS in the note history diff viewer (Web/Desktop) can lead to remote code execution in the desktop app. Trigger occurs when an attacker-controlled note header is rendered with dangerouslySetInnerHTML, and, when combined with the full backup/restore feature, is exploitable due ...

CVE-2026-33976 Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...

CVE-2026-33976

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...

GHSA-VV3H-7QWR-722V Anytype Heart's gRPC API client challenge verification can be bypassed on localhost

Impact The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. Affected components: - Anytype Desktop all platforms ≤ v0.48.2 - Anytype-CLI headless deployments ≤ v0.1.9 Not affected: - Anytype mobile apps iOS...

CVE-2026-1628 Mattermost allows external websites to open within the app, exposing preload functionality to non-trusted sites.

Mattermost Desktop App versions =5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server...

CVE-2026-27950

CVE-2026-27950 affects FreeRDP prior to 3.23.0, where the heap-use-after-free described in the advisory is incompletely fixed in the SDL2 path (SDL3 path fix present). The SDL2 code path does not nulled the pointer after free, leaving a vulnerable execution flow in some builds/environments. A com...