|
141
|
- |
|
-
|
-
|
xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before valida…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-33516
|
2026-04-18 05:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
142
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures
a photo with the front facing camera, exposing visual information about
the deployment environment.
New
|
CWE-862
Missing Authorization
|
CVE-2026-33093
|
2026-04-18 05:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
143
|
7.5 |
HIGH
Network
|
-
|
-
|
Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable
encryption, causing database credentials to be sent in plaintext and
enabling unauthorized database …
New
|
CWE-757
Algorithm Downgrade
|
CVE-2026-32650
|
2026-04-18 05:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
144
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug
configuration details (e.g., SSH/RTTY status), assisting attackers in
reconnaissance against the device.
New
|
CWE-862
Missing Authorization
|
CVE-2026-32648
|
2026-04-18 05:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
145
|
- |
|
-
|
-
|
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrd…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-32624
|
2026-04-18 05:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
146
|
- |
|
-
|
-
|
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the mo…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-32623
|
2026-04-18 05:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
147
|
7.7 |
HIGH
Local
|
-
|
-
|
Anviz CX7 Firmware is
vulnerable because the application embeds reusable certificate/key
material, enabling decryption of MQTT traffic and potential interaction
with device messaging channels at s…
New
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-32324
|
2026-04-18 05:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
148
|
8.8 |
HIGH
Local
|
-
|
-
|
xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management c…
New
|
CWE-273
Improper Check for Dropped Privileges
|
CVE-2026-32107
|
2026-04-18 05:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
149
|
- |
|
-
|
-
|
xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classi…
New
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2026-32105
|
2026-04-18 05:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
150
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal
to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized
SSH access when combined with deb…
New
|
CWE-23
Relative Path Traversal
|
CVE-2026-31927
|
2026-04-18 05:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
