18129 matches found
CVE-2026-13372
The CVE-2026-13372 vulnerability affects Devolutions Remote Desktop Manager 2026.2.5–2026.2.11, where incorrect link resolution by display name in the custom PowerShell VPN editor can enable an authenticated user with write access to a shared workspace to execute a PowerShell script in another us...
EUVD-2026-39832
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...
CVE-2026-13372
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...
Oracle Linux 9 : freerdp (ELSA-2026-19349)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19349 advisory. - Lock appWindow to fix use-after-free in RAIL mode CVE-2026-25952 Resolves: RHEL-159860 - Fix double free in xfrailwindowcommon cleanup CVE-2026-2698...
PT-2026-52892
Name of the Vulnerable Software and Affected Versions Devolutions Remote Desktop Manager versions 2026.2.5 through 2026.2.11 Description An issue exists in the custom PowerShell VPN editor where incorrect link resolution by display name allows an authenticated attacker with write access to a shar...
CVE-2026-50548 Cursor Desktop sandbox escape via agent-controlled working directory
Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the workingdirectory parameter, which could...
CVE-2026-50548
Technical details about CVE-2026-50548 are not publicly available in the provided documents. Monitor for updates to obtain affected products, root cause specifics, impact, and remediation.
GO-2026-5357 SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution in github.com/siyuan-note/siyuan/kernel
SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution in github.com/siyuan-note/siyuan/kernel...
[SECURITY] Fedora 43 Update: goose-1.36.0-1.fc43
Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously...
[SECURITY] Fedora 44 Update: goose-1.36.0-1.fc44
Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously...
CVE-2026-50551
CVE-2026-50551 affects SiYuan prior to 3.7.0, where a stored XSS in the Attribute View (database) asset cell renderer can escalate to remote code execution in the Electron desktop client. The issue is fixed in 3.7.0. CVSS~3.1 metrics indicate high impact on confidentiality, integrity, and availab...
CVE-2026-48731
Warp is an agentic development environment. From 0.2024.02.20.08.01.stable01 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expand...
CVE-2026-48731
Warp, a developer environment, contains a Linux external editor launcher vulnerability. From 0.2024.02.20.08.01.stable_01 to 0.2026.05.06.15.42.stable_01, Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expanded command through a shell. A user w...
Astra Linux – Vulnerability in firewalld
A flaw was discovered in firewalld. A local unprivileged user can exploit this vulnerability by misauthorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and setPolicySettings. This misauthorization allows the user to modify the runtime firewall state without proper authentication,...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode process, planardecompressplanerle wrote into pDstData at nYDst+y nDstStep + 4nXDst + nChannel, without verifying that nYDst+nSrcHeight fits within the destination height or that...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, division by zero occurred in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign was 0, resulting in a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize, where blocksize =...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggered a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, the NDR array reader in RDPEAR did not perform bounds checking on the number of on-wire elements, and could write beyond the heap buffer allocated from hints, resulting in a heap buffer overflow in...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a heap-buffer overflow occurred during drive reads when a server-controlled read length was used to read file data into an IRP output stream buffer without a hard upper limit. This allowed an oversized read ...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, the gdisurfacebits function processed SURFACEBITSCOMMAND messages sent by the RDP server. When these commands were processed using NSCodec, the bmp.width and bmp.height values provided by the server were not...