CVE-2026-24582

Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0...

CVE-2026-24582

The CVE-2026-24582 entry concerns the WordPress FlexTable plugin (versions up to and including 3.24.0) with a Broken Access Control/Missing Authorization vulnerability. The issue arises from incorrectly configured access control security levels, potentially enabling unauthorized access to sensiti...

PT-2026-43133

Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0...

DEBIAN-CVE-2026-31884

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize where blocksize = context-common.format.nBlockAlign...

CVE-2026-29774

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In yuv.c, the clamp...

UBUNTU-CVE-2026-31884

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize where blocksize = context-common.format.nBlockAlign...

CVE-2026-31897 FreeRDP has an out-of-bounds read in `freerdp_bitmap_decompress_planar`

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdpbitmapdecompressplanar when SrcSize is 0. The function dereferences srcp which points to pSrcData without first verifying that SrcSize = 1. When SrcSize is 0 and pSrcData is...

CVE-2026-31897

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdpbitmapdecompressplanar when SrcSize is 0. The function dereferences srcp which points to pSrcData without first verifying that SrcSize = 1. When SrcSize is 0 and pSrcData is...

CVE-2026-31806

Summary: CVE-2026-31806 affects FreeRDP prior to 3.24.0, where the gdi_surface_bits() handler (NSCodec path) can process SURFACE_BITS_COMMAND messages with unsafe bmp.width/bmp.height values, enabling a heap buffer overflow by crafting server data. The issue arises when width/height are not prope...

CVE-2026-31806

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdisurfacebits function processes SURFACEBITSCOMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly...

CVE-2026-31884

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize where blocksize = context-common.format.nBlockAlign...

CVE-2026-31883 FreeRDP has a `size_t` underflow in ADPCM decoder leads to heap-buffer-overflow write

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a sizet underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header...

CVE-2026-29776 FreeRDP has an Integer Underflow in update_read_cache_bitmap_order Function of FreeRDP's Core Library

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in updatereadcachebitmaporder Function of FreeRDP's Core Library This vulnerability is fixed in 3.24.0...

EUVD-2026-12059

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in updatereadcachebitmaporder Function of FreeRDP's Core Library This vulnerability is fixed in 3.24.0...

CVE-2026-29775 FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to...

CVE-2026-29775 FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to...

CVE-2026-29774 FreeRDP has a heap-buffer-overflow in avc420_yuv_to_rgb via OOB regionRects

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In yuv.c, the clamp...

CVE-2026-25737

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these...

EUVD-2026-10355

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these...

CVE-2026-26980 Ghost has a SQL Injection in its Content API

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...