CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2103 matches found

CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS6.3AI score0.00068EPSS

Exploits1References1

OSV•added 2026/05/29 8:16 p.m.•4 views

UBUNTU-CVE-2026-44421

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdiCacheToSurface: it validates a destination rectangle that is clamped to UINT16MA...

8.8CVSS5.9AI score0.00055EPSS

Exploits1References3

Cvelist•added 2026/05/29 7:40 p.m.•28 views

CVE-2026-44421 FreeRDP RDPGFX CacheToSurface heap-buffer-overflow via clamped-rectangle validation bypass

8.8CVSS0.00055EPSS

Exploits1References1

Tenable Nessus•added 2026/05/28 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-40033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The...

8.8CVSS6AI score0.00068EPSS

Exploits1References3

SUSE CVE•added 2026/05/27 2:49 a.m.•7 views

SUSE CVE-2026-40033

8.8CVSS6.5AI score0.00068EPSS

Exploits1References3

OSV•added 2026/05/26 3:16 p.m.•4 views

DEBIAN-CVE-2026-40033

8.7CVSS6.4AI score0.00068EPSS

Exploits1References1

NVD•added 2026/05/26 3:16 p.m.•11 views

CVE-2026-40033

8.8CVSS0.00068EPSS

Exploits1References3

UbuntuCve•added 2026/05/26 3:16 p.m.•5 views

CVE-2026-40033

8.8CVSS6.4AI score0.00068EPSS

Exploits1References4

AlpineLinux•added 2026/05/26 2:8 p.m.•13 views

CVE-2026-40033

8.8CVSS6.5AI score0.00068EPSS

Exploits1References3

Cvelist•added 2026/05/26 2:8 p.m.•36 views

CVE-2026-40033 FreeRDP - Heap-buffer-overflow in gdi_CacheToSurface via rectangle validation bypass

8.8CVSS0.00068EPSS

Exploits1References3

EUVD•added 2026/05/26 2:8 p.m.•8 views

EUVD-2026-31830

8.8CVSS6.5AI score0.00068EPSS

Exploits1References3

ATTACKERKB•added 2026/05/26 2:8 p.m.•7 views

CVE-2026-40033

8.8CVSS6.5AI score0.00068EPSS

Exploits1References4

CVE•added 2026/05/26 2:8 p.m.•16 views

CVE-2026-40033

FreeRDP before 3.26.0 is affected by a heap-buffer-overflow in gdi_CacheToSurface. The issue stems from rectangle validation clamping coordinates to UINT16_MAX while copy operations use unclamped cache entry dimensions, enabling a malicious RDP server to trigger large out-of-bounds writes and pot...

8.8CVSS6.5AI score0.00068EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/05/26 2:8 p.m.•6 views

CVE-2026-40033 FreeRDP - Heap-buffer-overflow in gdi_CacheToSurface via rectangle validation bypass

8.8CVSS6.5AI score0.00068EPSS

Exploits1References3

CNNVD•added 2026/05/26 12:0 a.m.•7 views

FreeRDP 安全漏洞

FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions of FreeRDP prior to 3.26.0 contained security vulnerabilities. These vulnerabilities stemmed from a heap buffer overflow in the gdiCacheToSurface function, which could allow remote attackers ...

8.8CVSS6.5AI score0.00068EPSS

Exploits1References3

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, deleting offscreen bitmaps caused gdi-drawing to point to freed memory, leading to UAF when related update packets arrived. A malicious server could trigger client-side use after the objects were freed,...

9.8CVSS6.2AI score0.00225EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurred in the gdiSurfaceToSurface path of the FreeRDP client due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can...

9.8CVSS6.3AI score0.00175EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are subject to an IntegerOverflow issue, which leads to an Out-of-Bound Write Vulnerability in the gdiCreateSurface function. This issue only affects FreeRDP-based clients...

9.8CVSS7AI score0.00105EPSS

Exploits1References2

Malwarebytes•added 2026/05/13 11:0 a.m.•9 views

May 2026 Patch Tuesday: no zero-days but plenty to fix

This month’s Patch Tuesday remedies 137 security vulnerabilities, including 31 marked critical by Microsoft, with no zero-days actively exploited in the wild. Microsoft defines a zero-day as “a flaw in software for which no official patch or security update is available yet.” This month, Microsof...

8.4CVSS7AI score0.00075EPSS

Exploits0

NVD•added 2026/05/12 6:17 p.m.•4 views

CVE-2026-35421

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally...

7.8CVSS0.00062EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by