Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.3 CRITICAL
CVE-2026-30797 — RustDesk rustdesk://config/ URI Silently Re-homes Client to Attacker-Controlled Server

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application AP…

rustdesk_client | Remote | Authorization
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.7 HIGH
CVE-2026-30796 — RustDesk Server Pro API Requires Address Book Password in Plaintext for Sync Protocol

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Address book sync API modules) allows Sniffing A…

rustdesk_server_pro | Remote | Cryptography
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.7 HIGH
CVE-2026-30795 — RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing A…

rustdesk_client | Remote | Cryptography
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.1 CRITICAL
CVE-2026-30794 — RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure

Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in th…

rustdesk_client | Remote | Misconfiguration
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.3 CRITICAL
CVE-2026-30793 — RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Conf…

Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privi…

rustdesk_client | Remote | Cross-Site Request Forgery
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.1 CRITICAL
CVE-2026-30792 — RustDesk Client Blindly Merges Unauthenticated Strategy Payloads, Bypassing Local Securit…

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application…

rustdesk_client | Remote | Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.3 CRITICAL
CVE-2026-30790 — RustDesk Server Controls All Handshake Entropy (Salt/Challenge), Enabling Offline Brute-F…

Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on …

Remote | Authentication
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.3 CRITICAL
CVE-2026-30789 — RustDesk Client Generates Auth Proof Without Client-Side Nonce, Enabling Replay Attacks

Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, An…

rustdesk_client | Remote | Authentication
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.2 HIGH
CVE-2026-30785 — RustDesk Encrypts Local Passwords with World-Readable Machine ID and Fixed Zero Nonce (XS…

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client…

| Cryptography
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.8 HIGH
CVE-2026-30784 — RustDesk hbbs/hbbr Servers Broker Connections Without Any Authorization Check

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms (Rendezv…

Remote | Authentication
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.8 HIGH
CVE-2026-30783 — RustDesk Client Can Orphan API Channel to Ignore All Admin Commands and ACL Policies

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abus…

rustdesk_client | Remote | Authorization
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
0.0 NA
CVE-2026-26377 — Koha News Function Cross Site Scripting Vulnerability

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function.

| Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.7 HIGH
CVE-2026-25048 — xgrammar: Multi-layer nesting causes DoS

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault (core dumped). This …

xgrammar | Remote | Memory Corruption
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
5.4 MEDIUM
CVE-2025-64166 — Mercurius: Incorrect Content-Type parsing can lead to CSRF attack

Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (CSRF) vulnerability was identified. The issue arises from incorrect parsing of the Content-Type head…

mercurius | Remote | Cross-Site Request Forgery
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.7 HIGH
CVE-2026-3598 — RustDesk Server Generates Config Strings Using Reversible Encoding (Base64 + Reverse) Ins…

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Config string generation, web console export mo…

rustdesk_server_pro | Remote | Cryptography
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.7 HIGH
CVE-2026-30791 — RustDesk Client Accepts Pseudo-Encrypted Config Strings Without Cryptographic Validation

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler,…

rustdesk_client | Remote | Cryptography
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.5 HIGH
CVE-2026-27750 — Avira Internet Security Optimizer TOCTOU

Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan…

| Race Condition
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.5 HIGH
CVE-2026-27749 — Avira Internet Security System Speedup Insecure Deserialization

Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privi…

| Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.5 HIGH
CVE-2026-27748 — Avira Internet Security Arbitrary File Deletion via Improper Link Resolution

Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:…

| Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
0.0 NA
CVE-2025-69534 — Python-Markdown HTML Injection Denial of Service

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-M…

| Denial of Service
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
Showing 20 of 5134 Results