EUVD-2026-36529

The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register o...

CVE-2026-11846

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories, resulting in data destruction or service disruption...

CVE-2026-47166

A flaw was found in ImageMagick, a widely used software for image editing. An attacker with high privileges and local access could exploit a vulnerability in the magick -distribute-cache service. By causing a heap buffer over-read, this could lead to the disclosure of sensitive information and...

CVE-2026-11846 IEI Integration Corp｜iVEC-IEI Virtualization Edge Computer - Arbitrary File Deletion

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories, resulting in data destruction or service disruption...

PT-2026-49021

An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recover...

PT-2026-48958

The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register o...

Infinite Loop

net/http is vulnerable to Infinite Loop. The vulnerability is due to improper handling of HTTP/2 SETTINGS frames, where receiving a SETTINGSMAXFRAMESIZE value of 0 causes the transport layer to enter an infinite loop while writing CONTINUATION frames, leading to excessive resource consumption and...

ROS-20260611-73-0027

The vulnerability of the ecamencodercompressh264 function in the FreeRDP remote desktop protocol is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data or cause service failures...

ROS-20260611-73-0009

The vulnerability of the cleardecompress function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failures...

ROS-20260611-73-0010

The vulnerability of the cleardecompress function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failures...

ROS-20260611-73-0007

The vulnerability of the gdiSurfaceToSurface function in the RDP client of FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service interruptions...

ROS-20260611-73-0015

The vulnerability of the cleardecompressbandsdata function in the RDP client FreeRDP is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failures...

ROS-20260611-73-0006

The vulnerability of the planardecompressplanerle function in the FreeRDP RDP client is related to buffer overflow in the dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failure...

ROS-20260611-73-0004

The vulnerability of the RDP client FreeRDP is related to the escape of operations beyond the buffer in memory, due to incorrect encoding based on the Base64 standard. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

ROS-20260611-73-0001

The vulnerability of the URBDRC RDP-client-freeRDP device lies in unvalidated array indexing. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures...

ROS-20260611-73-0039

The vulnerability of the Linux operating system’s network protocol implementation is related to the repeated release of memory. Exploiting this vulnerability can allow an attacker to increase their privileges and cause service interruptions...

CVE-2026-44748

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

ROS-20260610-73-0038

The vulnerability of the audinprocessformats function in the RDP client FreeRDP is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures remotely...

PT-2026-48443

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

ROS-20260610-73-0041

The vulnerability of the ndrreaduint8Array function in the RDP client FreeRDP is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures remotely...