Lucene search
+L

75 matches found

NVD
NVD
added 6 days ago5 views

CVE-2026-57157

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS0.00539EPSS
Exploits1References6
OSV
OSV
added 6 days ago2 views

UBUNTU-CVE-2026-57157

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS6.1AI score0.00539EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 6 days ago4 views

CVE-2026-57157

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS6.1AI score0.00539EPSS
Exploits1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-57157 Out-of-bounds read in the camera device enumerator server (rdpecam) via unterminated DeviceName / VirtualChannelName

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS0.00539EPSS
Exploits1References6
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-43006

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS6.1AI score0.00539EPSS
Exploits1References6
CVE
CVE
added 6 days ago12 views

CVE-2026-57157

FreeRDP (server implementations with the MS-RDPECAM camera device enumerator channel enabled) is affected prior to 3.28.0. Attackers can cause a 1- to 2-byte out-of-bounds heap read by scanning attacker-supplied DeviceName and VirtualChannelName fields and dereferencing beyond the scanned bound i...

6.5CVSS6.1AI score0.00539EPSS
Exploits1References6Affected Software1
OSV
OSV
added 6 days ago3 views

CVE-2026-57157 Out-of-bounds read in the camera device enumerator server (rdpecam) via unterminated DeviceName / VirtualChannelName

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS6.1AI score0.00539EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-57294

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.28.0 Description FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled contain a flaw where the system scans the DeviceName and VirtualChannelName fields for a NUL terminator in...

9.8CVSS6.2AI score0.00698EPSS
Exploits3References15
Cvelist
Cvelist
added 2026/05/27 12:0 a.m.44 views

CVE-2026-36044

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...

8.8CVSS0.01852EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/19 7:50 p.m.12 views

OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle

Summary The BST name-lookup loop in DirectoryTree.TryGetDirectoryEntry OpenMcdf/DirectoryTree.cs:35-46 walks directory entries by repeatedly calling directories.TryGetSiblingchild, siblingType, validateColor. A crafted CFB file with cyclic Left/Right sibling links among directory entries -...

5.9AI score0.00017EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2022-40638

Malicious code in bioql PyPI...

6.6CVSS6.8AI score0.00597EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/14 12:0 a.m.6 views

Job Iteration API 操作系统命令注入漏洞

Job Iteration API is an open source API interface from Shopify. An operating system command injection vulnerability exists in Job Iteration API versions prior to 1.11.0, which stems from arbitrary code execution in the CsvEnumerator class that could lead to unauthorized access or data disclosure...

9.3CVSS7.9AI score0.00706EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.262 views

DNS Record Scanner and Enumerator

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DNS Record Scanner and Enumerator', 'Description' = %q This module can be used to gather information about a domain from a given DNS server by...

7AI score0.68535EPSS
Exploits7
Kitploit
Kitploit
added 2024/06/25 12:30 p.m.87 views

CloudBrute - Awesome Cloud Enumerator

A tool to find a company target infrastructure, files, and apps on the top cloud providers Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode. The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available. here Motivation ...

7.2AI score
Exploits0References4
Kitploit
Kitploit
added 2023/12/10 11:30 a.m.50 views

Legba - A Multiprotocol Credentials Bruteforcer / Password Sprayer And Enumerator

Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performances and stability while consuming less resources than similar tools see the benchmark below. For the building instructions, usa...

8AI score
Exploits0References2
0day.today
0day.today
added 2023/07/21 12:0 a.m.239 views

RWS WorldServer 11.7.3 - Session Token Enumeration

Exploit Title: RWS WorldServer 11.7.3 - Session Token Enumeration Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions. Details ======= Product: WorldServer Affected Versions: 11.7.3 and earlier versions Fixed Version: 11.8.0...

7.1AI score0.03122EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/07/19 12:0 a.m.265 views

RWS WorldServer 11.7.3 Session Token Enumeration

Advisory: Session Token Enumeration in RWS WorldServer Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions. Details ======= Product: WorldServer Affected Versions: 11.7.3 and earlier versions Fixed Version: 11.8.0 Vulnerabili...

7.1AI score0.03122EPSS
Exploits4
BDU FSTEC
BDU FSTEC
added 2022/11/15 12:0 a.m.5 views

The vulnerability of the Windows operating system’s Portable Device Enumerator Service allows a hacker to circumvent existing security restrictions.

The vulnerability of the Windows Operating System’s Portable Device Enumerator Service is related to the use of a rigidly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...

6.2CVSS6.8AI score0.00597EPSS
Exploits0References3
CNVD
CNVD
added 2022/10/14 12:0 a.m.37 views

Microsoft Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability

Microsoft Windows is an operating system for personal devices from Microsoft Corporation USA.A security feature bypass vulnerability exists in Microsoft Windows Portable Device Enumerator Service, which could be exploited by an attacker to compromise the confidentiality, integrity, or The...

4.2AI score0.00597EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/10/11 7:15 p.m.4 views

CVE-2022-38032

Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability...

6.6CVSS5.8AI score0.00597EPSS
Exploits0References2
Rows per page
Query Builder