Lucene search
+L

10 matches found

NVD
NVD
added 2026/07/10 8:16 p.m.7 views

CVE-2026-57850

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/10 7:53 p.m.9 views

EUVD-2026-43008

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 7:53 p.m.17 views

CVE-2026-57850

RustDesk before 1.4.9 fails to enforce a session’s authorized connection scope on the server side. A peer with a limited session type (FileTransfer, PortForward, ViewCamera, or Terminal) can send control messages and login options intended for a full Remote session, enabling actions outside its g...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/10 7:53 p.m.35 views

CVE-2026-57850 RustDesk before 1.4.9 Missing Session Scope Enforcement Allows Out-of-Scope Control Message Injection

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS0.00334EPSS
Exploits0References4
OSV
OSV
added 2026/07/10 7:53 p.m.9 views

CVE-2026-57850 RustDesk before 1.4.9 Missing Session Scope Enforcement Allows Out-of-Scope Control Message Injection

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/04/16 12:0 a.m.6 views

PT-2020-12873 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr version 10.0.6 Description: The issue arises from the fact that any Cross-Site Request Forgery CSRF token in any user's session can be used in another user's session. Normally, CSRF tokens should be unique to each user's session and...

8.8CVSS7AI score0.00986EPSS
Exploits1References9
OSV
OSV
added 2016/07/08 7:50 p.m.6 views

MGASA-2016-0244 Updated struts packages fix security vulnerabilities

Updated struts packages fix security vulnerabilities: A vulnerability in Apache Struts 1 ActionForm allowing unintended remote operations against components on server memory, such as Servlets and ClassLoader, was found CVE-2016-1181. It was reported that The Apache Struts 1 Validator contains a...

8.2CVSS8.1AI score0.25737EPSS
Exploits0References4
Mageia
Mageia
added 2016/07/08 7:50 p.m.47 views

Updated struts packages fix security vulnerabilities

Updated struts packages fix security vulnerabilities: A vulnerability in Apache Struts 1 ActionForm allowing unintended remote operations against components on server memory, such as Servlets and ClassLoader, was found CVE-2016-1181. It was reported that The Apache Struts 1 Validator contains a...

8.2CVSS1.6AI score0.25737EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/07 12:0 a.m.47 views

JVN#03188560: Apache Struts 1 vulnerability that allows unintended remote operations against components on memory

The Apache Sturts 1 ActionForm contains a vulnerability which allows unintended remote operations against components on server memory, such as Servlets and ClassLoader, when the following 2 conditions are met: Condition 1: When the following ActionForm including its subclasses are in the session...

8.1CVSS8.5AI score0.13122EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/07 12:0 a.m.48 views

JVN#65044642: Apache Struts 1 vulnerable to input validation bypass

The Apache Struts 1 Validator contains a vulnerability where input validation configurations validation rules, error messages, etc. may be modified. This occurs when the following ActionForm including its subclasses are in the session scope. ValidatorForm ValidatorActionForm Impact Effects vary...

8.2CVSS7.9AI score0.25737EPSS
Exploits0
Rows per page
Query Builder