Lucene search

32960 matches found

Cvelist
added 2026/03/05 3:27 p.m. · 31 views

CVE-2026-30795 RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Heartbeat sync loop modules allows Sniffing Attacks. This vulnerability is associated with program files src/hbbshttp/sync.Rs and program routine...

8.7 CVSS · 0.00271 EPSS
Exploits: 1 · References: 3
ATTACKERKB
added 2026/03/05 3:21 p.m. · 4 views

CVE-2026-30793

Cross-Site Request Forgery CSRF vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, FFI bridge modules allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...

9.3 CVSS · 5.9 AI score · 0.00306 EPSS
Exploits: 1 · References: 5
NVD
added 2026/03/05 3:16 p.m. · 8 views

CVE-2026-3598

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Config string generation, web console export modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routin...

8.7 CVSS · 0.00226 EPSS
Exploits: 1 · References: 3
Cvelist
added 2026/03/05 2:14 p.m. · 31 views

CVE-2026-3598 RustDesk Server Generates Config Strings Using Reversible Encoding (Base64 + Reverse) Instead of Encryption

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Config string generation, web console export modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routin...

8.7 CVSS · 0.00226 EPSS
Exploits: 1 · References: 3
ATTACKERKB
added 2026/03/05 2:14 p.m. · 10 views

CVE-2026-3598

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Config string generation, web console export modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routin...

8.7 CVSS · 5.9 AI score · 0.00226 EPSS
Exploits: 1 · References: 4
CVE
added 2026/03/05 2:14 p.m. · 18 views

CVE-2026-3598

The CVE concerns RustDesk Server Pro (RustDesk Server Pro) up to version 1.7.5 where config strings are generated using a reversible encoding (Base64 plus reversal) instead of proper encryption. This weakness in the config export/generation routines potentially allows an attacker who can access t...

8.7 CVSS · 5.9 AI score · 0.00226 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2026/03/05 12:00 a.m. · 6 views

PT-2026-23458

Cross-Site Request Forgery CSRF vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, FFI bridge modules allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...

9.3 CVSS · 5.9 AI score · 0.00306 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2026/03/05 12:00 a.m. · 4 views

PT-2026-23601

Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 macOS before build 41186, Acronis Cyber Protect Cloud Agent macOS before build 41124...

7.8 CVSS · 5.9 AI score · 0.00105 EPSS
Exploits: 0 · References: 2
Amazon
added 2026/03/05 12:00 a.m. · 5 views

Important: nodejs20

Issue Overview: node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to...

8.8 CVSS · 5.9 AI score · 0.00334 EPSS
Exploits: 3
Positive Technologies
added 2026/03/05 12:00 a.m. · 7 views

PT-2026-23461

Name of the Vulnerable Software and Affected Versions RustDesk Server Pro versions through 1.7.5 Description A security issue exists in RustDesk Server Pro related to the transmission of sensitive information in cleartext. The vulnerability is present in the address book sync API modules and allo...

7.5 CVSS · 5.8 AI score · 0.00261 EPSS
Exploits: 1 · References: 8
Amazon
added 2026/03/05 12:00 a.m. · 8 views

Important: nodejs24

Issue Overview: node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to...

8.8 CVSS · 5.9 AI score · 0.00541 EPSS
Exploits: 4
Tenable Nessus
added 2026/03/05 12:00 a.m. · 5 views

Wireshark 4.6.x < 4.6.4 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.6.4. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.6.4 advisory. - RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of...

7.8 CVSS · 5.9 AI score · 0.00184 EPSS
Exploits: 5 · References: 30
CISA KEV Catalog
added 2026/03/05 12:00 a.m. · 11 views

Apple Multiple products Use-After-Free Vulnerability

Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption...

8.8 CVSS · 5.9 AI score · 0.03901 EPSS
Exploited in the wild · Exploits: 1
Tenable Nessus
added 2026/03/05 12:00 a.m. · 6 views

Wireshark 4.4.x < 4.4.14 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.4.14. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.4.14 advisory. - RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial ...

7.8 CVSS · 6.8 AI score · 0.00306 EPSS
Exploits: 8 · References: 40
Tenable Nessus
added 2026/03/05 12:00 a.m. · 2 views

Google Chrome < 145.0.7632.159 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 145.0.7632.159. It is, therefore, affected by multiple vulnerabilities as referenced in the 202603stable-channel-update-for-desktop advisory. - Insufficient data validation in Navigation in Google Chrome prior to...

9.6 CVSS · 7.6 AI score · 0.00497 EPSS
Exploits: 0 · References: 21
SUSE CVE
added 2026/03/04 12:28 a.m. · 3 views

SUSE CVE-2026-24051

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

7 CVSS · 6 AI score · 0.00157 EPSS
Exploits: 0 · References: 4
Apple
added 2026/03/04 12:00 a.m. · 14 views

Apple Security Update: macOS Tahoe 26.3.1

Apple recommends to install security update macOS Tahoe 26.3.1 on devices macOS Tahoe...

5.9 AI score
Exploits: 0 · References: 1 · Affected Software: 1
Snyk
added 2026/03/03 9:41 p.m. · 3 views

Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the system.run when allowlist parsing fails to reject command substitution tokens inside double-quoted shell text. An attacker can execute unauthorized commands on t...

7.5 CVSS · 6.1 AI score · 0.0063 EPSS
Exploits: 1 · References: 2
OSV
added 2026/03/03 9:41 p.m. · 3 views

GHSA-9P38-94JF-HGJJ OpenClaw has macOS `system.run` allowlist bypass via quoted command substitution

Summary In OpenClaw's macOS node-host path, system.run allowlist parsing in security=allowlist mode failed to reject command substitution tokens when they appeared inside double-quoted shell text. Because of that gap, payloads like echo "ok $id" could be treated as allowlist hits first executable...

7.5 CVSS · 6.1 AI score · 0.0063 EPSS
Exploits: 1 · References: 5
Github Security Blog
added 2026/03/03 9:41 p.m. · 11 views

OpenClaw has macOS `system.run` allowlist bypass via quoted command substitution

Summary In OpenClaw's macOS node-host path, system.run allowlist parsing in security=allowlist mode failed to reject command substitution tokens when they appeared inside double-quoted shell text. Because of that gap, payloads like echo "ok $id" could be treated as allowlist hits first executable...

7.5 CVSS · 6.1 AI score · 0.0063 EPSS
Exploits: 1 · References: 5 · Affected Software: 1