Lucene search
K

184 matches found

NVD
NVD
added 2026/06/28 2:16 a.m.12 views

CVE-2026-58056

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.33 views

CVE-2026-58056 RustDesk - FileTransfer Session Authorization Scope Bypass

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS0.00191EPSS
Exploits0References2
CVE
CVE
added 2026/06/28 1:32 a.m.55 views

CVE-2026-58056

RustDesk is affected by a session-authorization scope bypass in FileTransfer sessions. The root cause is gating incoming control messages on per-capability flags rather than the session’s authorized connection type; a peer with only valid FileTransfer authorization can inject keyboard/mouse input...

7.6CVSS5.8AI score0.00191EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/28 1:32 a.m.10 views

EUVD-2026-39976

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS5.8AI score0.00191EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.14 views

PT-2026-53088

Name of the Vulnerable Software and Affected Versions RustDesk affected versions not specified Description An issue exists where incoming control messages are gated based on per-capability flags instead of the session's authorized connection type. Because a file-transfer session fails to clear...

7.6CVSS5.8AI score0.00191EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 12:5 p.m.4 views

RLSA-2026:29980 Moderate: golang security, bug fix, and enhancement update

The golang packages provide the Go programming language compiler. Security Fixes: net/textproto: golang: Golang net/textproto: Misleading error messages via input injection CVE-2026-42507 Bug Fixes and Enhancements: Update Go to version 1.26.4+1 rhel-10.2.z JIRA:Rocky Linux-183347 For more detail...

5.3CVSS5.8AI score0.0037EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 12:3 p.m.6 views

RLSA-2026:29981 Moderate: golang security, bug fix, and enhancement update

The golang packages provide the Go programming language compiler. Security Fixes: net/textproto: golang: Golang net/textproto: Misleading error messages via input injection CVE-2026-42507 Bug Fixes and Enhancements: Update Go to version 1.26.4+1 rhel-9.8.z JIRA:Rocky Linux-183350 For more details...

5.3CVSS5.8AI score0.0037EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/25 5:32 p.m.6 views

net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead...

5.3CVSS5.8AI score0.0037EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/25 5:32 p.m.8 views

Moderate: Red Hat Security Advisory: golang security, bug fix, and enhancement update

An update for golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.5CVSS5.8AI score0.00939EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/25 4:14 p.m.7 views

net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead...

5.3CVSS5.8AI score0.0037EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/25 4:14 p.m.7 views

Moderate: Red Hat Security Advisory: golang security, bug fix, and enhancement update

An update for golang is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

5.3CVSS5.9AI score0.0037EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 12:0 a.m.3 views

ALSA-2026:29980 Moderate: golang security, bug fix, and enhancement update

The golang packages provide the Go programming language compiler. Security Fixes: net/textproto: golang: Golang net/textproto: Misleading error messages via input injection CVE-2026-42507 Bug Fixes and Enhancements: Update Go to version 1.26.4+1 almalinux-10.2.z JIRA:AlmaLinux-183347 For more...

5.3CVSS5.8AI score0.0037EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 12:0 a.m.5 views

ALSA-2026:29981 Moderate: golang security, bug fix, and enhancement update

The golang packages provide the Go programming language compiler. Security Fixes: net/textproto: golang: Golang net/textproto: Misleading error messages via input injection CVE-2026-42507 Bug Fixes and Enhancements: Update Go to version 1.26.4+1 almalinux-9.8.z JIRA:AlmaLinux-183350 For more...

5.3CVSS5.8AI score0.0037EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/15 1:20 a.m.14 views

SUSE CVE-2026-54057

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...

7.8CVSS5.2AI score0.00166EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/29 8:15 a.m.14 views

CVE-2026-49196

The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...

8.6CVSS6AI score0.0037EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 9:32 p.m.4 views

GHSA-2R23-2G6V-2M5F OpenStack Keystone has an Authorization Bypass

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

6CVSS5.9AI score0.00329EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42492

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id POST parameter directly into an HTML form input value attribute and an...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42501

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm add str POST parameter directly into an HTML form hidden input value attribute...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42647

Impact Authenticated users are able to inject HTML vulnerability into an input field, which is rendered in the confirmation dialog without proper output encoding. Patches This issue has been patched in 17.4.0...

4.6CVSS5.7AI score
Exploits0References3
Snyk
Snyk
added 2026/05/20 7:7 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Attribute View Name process. An attacker can execute arbitrary JavaScript code in the context of the Electron renderer process by injecting malicious input. Details Cross-site scripting or XSS is a code...

9.6CVSS5.8AI score0.00509EPSS
Exploits0References3
Rows per page
Query Builder