CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5271 matches found

Cvelist•added 2026/03/16 9:26 a.m.•25 views

CVE-2025-11500 Credentials exposure in tinycontrol devices

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off which is a default setting, an unauthenticated attacker on...

8.7CVSS0.00141EPSS

Exploits0References6

Positive Technologies•added 2026/03/16 12:0 a.m.•3 views

PT-2026-25661

8.7CVSS5.8AI score0.00141EPSS

Exploits0References6

NVD•added 2026/03/13 7:54 p.m.•2 views

CVE-2026-29775

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to...

8.2CVSS0.00101EPSS

Exploits1References2

OSV•added 2026/03/13 7:54 p.m.•2 views

DEBIAN-CVE-2026-29775

8.2CVSS4.6AI score0.00101EPSS

Exploits1References1

UbuntuCve•added 2026/03/13 7:54 p.m.•2 views

CVE-2026-29775

8.2CVSS5.9AI score0.00101EPSS

Exploits1References3

OSV•added 2026/03/13 7:54 p.m.•2 views

UBUNTU-CVE-2026-29775

8.2CVSS5.8AI score0.00101EPSS

Exploits1References4

RedhatCVE•added 2026/03/13 7:48 p.m.•3 views

CVE-2026-29775

A heap based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to maxCells,...

8.2CVSS6.1AI score0.00101EPSS

Exploits1References5

Cvelist•added 2026/03/13 5:28 p.m.•21 views

CVE-2026-29775 FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId

5.3CVSS0.00101EPSS

Exploits1References2

Vulnrichment•added 2026/03/13 5:28 p.m.•3 views

CVE-2026-29775 FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId

5.3CVSS5.8AI score0.00101EPSS

Exploits1References2

CVE•added 2026/03/13 5:28 p.m.•61 views

CVE-2026-29775

CVE-2026-29775 affects FreeRDP prior to version 3.24.0, where the bitmap cache subsystem is vulnerable to a heap-out-of-bounds condition in bitmap_cache_put. The root cause is an off-by-one boundary check that permits a malicious server to send a CACHE_BITMAP_ORDER (Rev1) with cacheId equal to ma...

8.2CVSS5.8AI score0.00101EPSS

Exploits1References2Affected Software1

SUSE CVE•added 2026/03/13 12:23 a.m.•0 views

SUSE CVE-2026-31988

yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate function. The while loop condition checks cursor data.length + 4 instead of cursor + 4 = data.length, allowing readUInt16LE to rea...

6.9CVSS6AI score0.00152EPSS

Exploits0References3

Tenable Nessus•added 2026/03/13 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-31988

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the...

6.9CVSS6AI score0.00152EPSS

Exploits0References3

RedhatCVE•added 2026/03/12 11:18 p.m.•3 views

CVE-2026-32236

A server side request forgery flaw has been discovered in the npm @backstage/plugin-auth-backend package. The CIMD metadata fetch validates the initial clientid hostname against private IP ranges but does not apply the same validation after HTTP redirects. The practical impact is limited. The...

5.6AI score0.00047EPSS

Exploits0References5

Vulnrichment•added 2026/03/12 6:37 p.m.•1 views

CVE-2026-32236 @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch

Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery SSRF vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial clientid...

6.3CVSS5.8AI score0.00047EPSS

Exploits0References2

OSV•added 2026/03/12 8:39 a.m.•1 views

BIT-ENVOY-2026-26309 Envoy has an off-by-one write in JsonEscaper::escapeString()

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...

5.3CVSS5.8AI score0.00004EPSS

Exploits1References2

Snyk•added 2026/03/12 12:35 a.m.•1 views

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error via the entry.getLastModDate function. An attacker can cause the process or the Node.js server to crash by submitting a malicious zip file containing a malformed NTFS extra field. PoC js // Direct demonstration of the...

6.9CVSS6AI score0.00152EPSS

Exploits0References2

OSV•added 2026/03/12 12:31 a.m.•1 views

GHSA-GMQ8-994R-JV83 yauzl contains an off-by-one error

6.9CVSS6.1AI score0.00152EPSS

Exploits0References6