354 matches found

CVE
added 6 hours ago, 4 views

CVE-2026-7840

CVE-2026-7840 (UltraVNC repeater) : A global buffer overflow in the embedded HTTP administration server affects UltraVNC repeater versions up to 1.8.2.2. The functions wi_senderr() and wi_replyhdr() copy the caller-supplied HTTP request URI into a fixed 1000-byte buffer (hdrbuf) using unchecked s...

9.8 CVSS, 6.6 AI score
Exploits: 0, References: 2

EUVD
added 6 hours ago, 3 views

EUVD-2026-40886

UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr and wi_replyhdr in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer hdrbuf via unchecked sprintf calls...

9.8 CVSS, 6.6 AI score
Exploits: 0, References: 2

CVE
added 6 hours ago, 4 views

CVE-2026-7839

UltraVNC repeater up to version 1.8.2.2 contains a hardcoded default admin password that is written during first run when settings2.txt is absent. Specifically, repeater/webgui/settings.c assigns the literal string "adminadmi2" to saved_password (64 bytes) and the HTTP Basic-auth handler wi_decod...

9.1 CVSS, 5.8 AI score
Exploits: 0, References: 2

EUVD
added 6 hours ago, 3 views

EUVD-2026-40885

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpy_s(saved_password, 64,...

9.1 CVSS, 5.8 AI score
Exploits: 0, References: 2

EUVD
added 6 hours ago, 4 views

EUVD-2026-40884

UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte network-supplied reasonLen field (type CARD32) is passed as reasonLen+1 to CheckBufferSize. Because both...

8.8 CVSS, 6.6 AI score
Exploits: 0, References: 2

CVE
added 6 hours ago, 3 views

CVE-2026-7831

UltraVNC viewer

7.6 CVSS, 6.1 AI score
Exploits: 0, References: 2

EUVD
added 6 hours ago, 3 views

EUVD-2026-40883

UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 the code declares a 2024-byte stack buffer dn[2024] and calls ReadString(dn, 2024). ReadString...

7.6 CVSS, 6.1 AI score
Exploits: 0, References: 2

CVE
added 6 hours ago, 4 views

CVE-2026-7830

CVE-2026-7830 affects UltraVNC up to version 1.8.2.2 and concerns the MS-Logon II authentication. The DH key exchange uses parameters within 64-bit space (DH_MAX_BITS) and the private exponent is generated using a rng() that relies on three libc rand() calls seeded from time(NULL). This yields an...

7.4 CVSS, 5.8 AI score
Exploits: 0, References: 2

EUVD
added 6 hours ago, 2 views

EUVD-2026-40882

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer (DH_MAX_BITS controls the prime size). A 64-bit DH key can be brok...

7.4 CVSS, 5.8 AI score
Exploits: 0, References: 2

CVE
added 6 hours ago, 3 views

CVE-2026-7829

UltraVNC repeater (= destination size, the NUL byte is written past the end of the stack array, corrupting adjacent data and potentially enabling code execution on the repeater host. An attacker with admin credentials (including via CVE-2026-7839 default password) can trigger this. The provided d...

7.2 CVSS, 6.3 AI score
Exploits: 0, References: 2

EUVD
added 6 hours ago, 3 views

EUVD-2026-40881

UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpy_s copies a rule token into temp1rule1 (25-byte destination) or temp2/temp3 (16-byte destination), the code unconditionally writes a N...

9.1 CVSS, 6.3 AI score
Exploits: 0, References: 2

CVE
added 6 hours ago, 4 views

CVE-2026-7828

UltraVNC repeater up to version 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, win_log() allocates memory with malloc(sizeof(struct LIST) + strlen(line)); if strlen(line) is large, the size overflows to a value smaller than sizeof(struct ...

5.3 CVSS, 6.2 AI score
Exploits: 0, References: 2

EUVD
added 6 hours ago, 4 views

EUVD-2026-40880

UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the win_log function allocates list nodes via malloc(sizeof(struct LIST) + strlen(line)), where line is derived from HTTP request URIs. If strlen(line) is sufficiently large,...

5.3 CVSS, 6.2 AI score
Exploits: 0, References: 2

EUVD
added 6 hours ago, 3 views

EUVD-2026-40879

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand() with time(0) + getpid() + rand() and generates a 16-byte challenge. The combined seed space is...

4.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

CVE
added 6 hours ago, 5 views

CVE-2026-44041

UltraVNC

4.3 CVSS, 5.9 AI score
Exploits: 0, References: 2

EUVD
added 6 hours ago, 4 views

EUVD-2026-40878

UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb function passes a caller-supplied WCHAR pointer to wcslen before any bounds check. If the caller provides a wide-character buffer that is not properly...

4.3 CVSS, 5.9 AI score
Exploits: 0, References: 2

CVE
added 6 hours ago, 3 views

CVE-2026-44042

UltraVNC repeater up to version 1.8.2.2 contains an off-by-one bug in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, wi_uudecode() uses a strict > check to ensure output fits the buffer, but the correct condition is >=. When strlen(authdata) ...

3.7 CVSS, 6 AI score
Exploits: 0, References: 2

EUVD
added 6 hours ago, 3 views

EUVD-2026-40877

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wi_uudecode function checks whether the input length exceeds the output buffer with a strict greater-than comparison, while the...

3.7 CVSS, 6 AI score
Exploits: 0, References: 2

RedhatCVE
added 2026/03/28 11:9 p.m., 5 views

CVE-2026-4962

A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in uncontrolled search path. The attack needs to be approached locally. This attack is characterized by...

7.3 CVSS, 6.4 AI score, 0.00229 EPSS
Exploits: 1, References: 1

EUVD
added 2026/03/27 6:31 p.m., 4 views

EUVD-2026-16725

A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in uncontrolled search path. The attack needs to be approached locally. This attack is characterized by...

7.3 CVSS, 6.4 AI score, 0.00229 EPSS
Exploits: 1, References: 5