10 matches found
CVE-2026-4821
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it was published in error...
CVE-2026-4821
The CVE-2026-4821 entry describes an improper neutralization of special elements vulnerability in GitHub Enterprise Server . It allows an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields (e.g., http_pro...
CVE-2026-23534 FreeRDP has heap-buffer-overflow in clear_decompress_bands_data
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a...
CVE-2026-23532
CVE-2026-23532 affects the FreeRDP client prior to version 3.21.0, where a heap buffer overflow can be triggered in the FreeRDP client’s gdi_SurfaceToSurface path due to a mismatch between destination rectangle clamping and the actual copy size. This can lead to a crash (DoS) and potential heap c...
CVE-2026-22854 FreeRDP has a heap-buffer-overflow in drive_process_irp_read
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap...
CVE-2026-22853 FreeRDP has a heap-buffer-overflow in ndr_read_uint8Array
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndrreaduint8Array. This vulnerabilit...
WordPress plugin Photonic Gallery & Lightbox for Flickr, SmugMug & Others 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...
CVE-2023-21115
In btmsecencryptchange of btmsec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
WordPress SEO Plugin by Squirrly SEO plugin < 12.3.21 - Editor+ Stored XSS vulnerability
Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin SEO Plugin by Squirrly SEO versions 12.3.21...
Archon Cross-Site Scripting Vulnerability
Archon is a system of online catalog sites for manuscript collections at the Maine Maritime Museum. A cross-site scripting vulnerability exists in the packages/core/contact.php file in Archon version 3.21 rev-1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HT...