Search CVE reports


Toggle filters

141 – 150 of 42692 results

Status is adjusted based on your filters.


CVE-2026-57214

Medium priority
Needs evaluation

RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping on the Queues and Exchanges...

1 affected package

rabbitmq-server

Package 20.04 LTS
rabbitmq-server Needs evaluation
Show less packages

CVE-2026-57213

Medium priority
Needs evaluation

RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_federation_management plugin renders the consumer_tag field on the Federation Status page without HTML escaping, allowing a...

1 affected package

rabbitmq-server

Package 20.04 LTS
rabbitmq-server Needs evaluation
Show less packages

CVE-2026-57212

Medium priority
Needs evaluation

RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_management HTTP API accepts oversized valid JSON bodies on with_decode and direct_request paths because read_complete_body...

1 affected package

rabbitmq-server

Package 20.04 LTS
rabbitmq-server Needs evaluation
Show less packages

CVE-2026-57211

Medium priority
Needs evaluation

RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbit_mgmt_wm_static can pass URL-encoded backslashes to erl_prim_loader:read_file_info before...

1 affected package

rabbitmq-server

Package 20.04 LTS
rabbitmq-server Needs evaluation
Show less packages

CVE-2026-55213

Medium priority
Needs evaluation

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate...

2 affected packages

h2o, dnsdist

Package 20.04 LTS
h2o Needs evaluation
dnsdist Not affected
Show less packages

CVE-2026-57158

Medium priority
Needs evaluation

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar_decompress_plane_rle_only...

3 affected packages

freerdp, freerdp2, freerdp3

Package 20.04 LTS
freerdp
freerdp2 Needs evaluation
freerdp3
Show less packages

CVE-2026-57157

Medium priority
Needs evaluation

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName...

3 affected packages

freerdp, freerdp2, freerdp3

Package 20.04 LTS
freerdp
freerdp2 Needs evaluation
freerdp3
Show less packages

CVE-2026-57156

Medium priority
Needs evaluation

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in update_read_delta_points in libfreerdp/core/orders.c when multiplying...

3 affected packages

freerdp, freerdp2, freerdp3

Package 20.04 LTS
freerdp
freerdp2 Needs evaluation
freerdp3
Show less packages

CVE-2026-55827

Medium priority
Needs evaluation

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data...

3 affected packages

freerdp, freerdp2, freerdp3

Package 20.04 LTS
freerdp
freerdp2 Needs evaluation
freerdp3
Show less packages

CVE-2026-53450

Medium priority
Needs evaluation

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the...

1 affected package

coturn

Package 20.04 LTS
coturn Needs evaluation
Show less packages