Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.3 CRITICAL
CVE-2026-30797 — RustDesk rustdesk://config/ URI Silently Re-homes Client to Attacker-Controlled Server

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application AP…

rustdesk_client | Remote | Authorization
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.7 HIGH
CVE-2026-30796 — RustDesk Server Pro API Requires Address Book Password in Plaintext for Sync Protocol

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Address book sync API modules) allows Sniffing A…

rustdesk_server_pro | Remote | Cryptography
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.7 HIGH
CVE-2026-30795 — RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing A…

rustdesk_client | Remote | Cryptography
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.1 CRITICAL
CVE-2026-30794 — RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure

Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in th…

rustdesk_client | Remote | Misconfiguration
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.3 CRITICAL
CVE-2026-30793 — RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Conf…

Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privi…

rustdesk_client | Remote | Cross-Site Request Forgery
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.1 CRITICAL
CVE-2026-30792 — RustDesk Client Blindly Merges Unauthenticated Strategy Payloads, Bypassing Local Securit…

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application…

rustdesk_client | Remote | Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.3 CRITICAL
CVE-2026-30790 — RustDesk Server Controls All Handshake Entropy (Salt/Challenge), Enabling Offline Brute-F…

Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on …

Remote | Authentication
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.3 CRITICAL
CVE-2026-30789 — RustDesk Client Generates Auth Proof Without Client-Side Nonce, Enabling Replay Attacks

Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, An…

rustdesk_client | Remote | Authentication
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.2 HIGH
CVE-2026-30785 — RustDesk Encrypts Local Passwords with World-Readable Machine ID and Fixed Zero Nonce (XS…

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client…

| Cryptography
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.8 HIGH
CVE-2026-30784 — RustDesk hbbs/hbbr Servers Broker Connections Without Any Authorization Check

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms (Rendezv…

Remote | Authentication
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.8 HIGH
CVE-2026-30783 — RustDesk Client Can Orphan API Channel to Ignore All Admin Commands and ACL Policies

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abus…

rustdesk_client | Remote | Authorization
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
0.0 NA
CVE-2026-26377 — Koha News Function Cross Site Scripting Vulnerability

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function.

| Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.7 HIGH
CVE-2026-25048 — xgrammar: Multi-layer nesting causes DoS

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault (core dumped). This …

xgrammar | Remote | Memory Corruption
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
5.4 MEDIUM
CVE-2025-64166 — Mercurius: Incorrect Content-Type parsing can lead to CSRF attack

Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (CSRF) vulnerability was identified. The issue arises from incorrect parsing of the Content-Type head…

mercurius | Remote | Cross-Site Request Forgery
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.7 HIGH
CVE-2026-3598 — RustDesk Server Generates Config Strings Using Reversible Encoding (Base64 + Reverse) Ins…

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Config string generation, web console export mo…

rustdesk_server_pro | Remote | Cryptography
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.7 HIGH
CVE-2026-30791 — RustDesk Client Accepts Pseudo-Encrypted Config Strings Without Cryptographic Validation

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler,…

rustdesk_client | Remote | Cryptography
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.5 HIGH
CVE-2026-27750 — Avira Internet Security Optimizer TOCTOU

Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan…

| Race Condition
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.5 HIGH
CVE-2026-27749 — Avira Internet Security System Speedup Insecure Deserialization

Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privi…

| Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.5 HIGH
CVE-2026-27748 — Avira Internet Security Arbitrary File Deletion via Improper Link Resolution

Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:…

| Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
0.0 NA
CVE-2025-69534 — Python-Markdown HTML Injection Denial of Service

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-M…

| Denial of Service
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
Showing 20 of 5134 Results