15 matches found
EUVD-2026-42255
FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcmanchannelclose and dvcmancallonreceive due to improper synchronization of channelcallback access. A malicious RDP server can trigger a race condition by sending DYNVCDATA and DYNVCCLOSE messages concurrently, causing...
CVE-2026-56297 FreeRDP - Use-After-Free via Race Condition in DRDYNVC Channel Callback
FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcmanchannelclose and dvcmancallonreceive due to improper synchronization of channelcallback access. A malicious RDP server can trigger a race condition by sending DYNVCDATA and DYNVCCLOSE messages concurrently, causing...
CVE-2026-25268
Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations...
CVE-2026-25268
Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations...
CVE-2026-25268 Stack-based Buffer Overflow in WLAN Host
Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations...
CVE-2026-25268
The CVE-2026-25268 issue is a stack-based buffer overflow in WLAN Host caused by memory corruption when processing invalid HT40 channel layouts during dynamic channel switching. Affects WLAN Host with a Local attack vector, requiring Low privileges and no user interaction, and with a changed scop...
CVE-2026-22851
CVE-2026-22851 concerns FreeRDP prior to 3.20.1, where a race between the RDPGFX dynamic channel thread and the SDL render thread can cause a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) may be accessed after the surface has been freed during RDPGFX Reset...
EUVD-2022-6983
Malicious code in bioql PyPI...
Multi-Channel Secure Communication Framework for Wireless IoT (MCSC-WoT): Enhancing Security in Internet of Things
In modern smart systems, the convergence of the Internet of Things IoT and Wireless of Things WoT have been revolutionized by offering a broad level of wireless connectivity and communication among various devices. Hitherto, this greater interconnectivity poses important security problems,...
CVE-2022-39203
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The...
GHSA-XVQG-MV25-RWVW Parsing issue in matrix-org/node-irc leading to room takeovers
Impact Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. Patched The vulnerability has been patched in matrix-appservice-irc 0.35.0...
CVE-2022-39203
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The...
CVE-2022-39203 Parsing issue in matrix-org/node-irc leading to room takeovers
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The...
CVE-2022-39203 Parsing issue in matrix-org/node-irc leading to room takeovers
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The...
CVE-2022-39203 Parsing issue in matrix-org/node-irc leading to room takeovers
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The...