Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45700 |
|
Out-of-Bounds Write in c (CVE-2026-45700)
out-of-bounds write in c (CVE-2026-45700). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-44420 |
|
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel b...
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process...
|
| CVE-2026-44421 |
|
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs....
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX...
|
| CVE-2026-44422 |
|
Vulnerability in freerdp (CVE-2026-44422)
vulnerability in freerdp (CVE-2026-44422). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-40033 |
|
Vulnerability in freerdp (CVE-2026-40033)
vulnerability in freerdp (CVE-2026-40033). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33986 |
|
Vulnerability in c (CVE-2026-33986)
vulnerability in c (CVE-2026-33986). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33984 |
|
Vulnerability in c (CVE-2026-33984)
vulnerability in c (CVE-2026-33984). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33983 |
|
Vulnerability in dos (CVE-2026-33983)
vulnerability in dos (CVE-2026-33983). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31806 |
|
Vulnerability in freerdp (CVE-2026-31806)
vulnerability in freerdp (CVE-2026-31806). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.24.0` or later.
|
| CVE-2026-26965 |
|
Out-of-Bounds Write in freerdp (CVE-2026-26965)
out-of-bounds write in freerdp (CVE-2026-26965). Successful exploitation can lead to full system takeover. Exploitable via ``pDstData``.
|
| CVE-2026-26955 |
|
Out-of-Bounds Write in c (CVE-2026-26955)
out-of-bounds write in c (CVE-2026-26955). Successful exploitation can lead to full system takeover. Exploitable via ``xfreerdp``.
|
| CVE-2026-24678 |
|
Use-After-Free in freerdp (CVE-2026-24678)
vulnerability in freerdp (CVE-2026-24678). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.22.0` or later.
|
| CVE-2026-23883 |
|
Use-After-Free in dos (CVE-2026-23883)
vulnerability in dos (CVE-2026-23883). Successful exploitation can lead to full system takeover. Exploitable via ``xf_Pointer_New``.
|
| CVE-2026-23884 |
|
Use-After-Free in dos (CVE-2026-23884)
vulnerability in dos (CVE-2026-23884). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23533 |
|
Vulnerability in dos (CVE-2026-23533)
vulnerability in dos (CVE-2026-23533). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23534 |
|
Vulnerability in dos (CVE-2026-23534)
vulnerability in dos (CVE-2026-23534). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23532 |
|
Vulnerability in dos (CVE-2026-23532)
vulnerability in dos (CVE-2026-23532). Successful exploitation can lead to full system takeover. Exploitable via ``gdi_SurfaceToSurface``.
|
| CVE-2026-23530 |
|
Vulnerability in dos (CVE-2026-23530)
vulnerability in dos (CVE-2026-23530). Successful exploitation can lead to full system takeover. Exploitable via ``freerdp_bitmap_decompress_planar``.
|
| CVE-2026-23531 |
|
Vulnerability in dos (CVE-2026-23531)
vulnerability in dos (CVE-2026-23531). Successful exploitation can lead to full system takeover. Exploitable via ``glyphData``.
|
| CVE-2026-22858 |
|
Out-of-Bounds Read in c (CVE-2026-22858)
vulnerability in c (CVE-2026-22858). Confidential information can be exposed externally. Mitigation: upgrade to `3.20.1` or later.
|
| CVE-2026-22859 |
|
Out-of-Bounds Read in freerdp (CVE-2026-22859)
vulnerability in freerdp (CVE-2026-22859). Confidential information can be exposed externally. Mitigation: upgrade to `3.20.1` or later.
|
| CVE-2026-22855 |
|
Out-of-Bounds Read in freerdp (CVE-2026-22855)
vulnerability in freerdp (CVE-2026-22855). Confidential information can be exposed externally. Mitigation: upgrade to `3.20.1` or later.
|
| CVE-2026-22853 |
|
Out-of-Bounds Write in freerdp (CVE-2026-22853)
out-of-bounds write in freerdp (CVE-2026-22853). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.20.1` or later.
|
| CVE-2025-4478 |
|
Vulnerability in dos (CVE-2025-4478)
vulnerability in dos (CVE-2025-4478). Risk of unauthorized operations or information disclosure.
|