Overview
- uvnc
- UltraVNC
01 Jul 2026
Published
01 Jul 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
1.20%
KEV
Description
UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer (hdrbuf) via unchecked sprintf calls. The HTTP receive buffer accepts URIs up to approximately 150 KB (WI_RXBUFSIZE = 153600), so an unauthenticated attacker who can reach the repeater HTTP port (default TCP 80) can overflow hdrbuf by at least 500 bytes with a single HTTP request containing a URI of 1500 bytes or longer, corrupting adjacent .bss-segment globals. The overflow occurs before any authentication check, making it reachable without credentials. A remote, unauthenticated attacker can achieve arbitrary code execution on the host running the repeater.
Statistics
- 1 Post
Last activity: Last hour
Fediverse
Two UltraVNC repeater vulnerabilities enable arbitrary code execution (CVE-2026-7840) plus admin access via a hardcoded password. Update now.
#UltraVNC #RemoteAccess #CVE20267839 #CVE20267840 #ArbitraryCodeExecution #BufferOverflow #Vulnerability
Overview
Description
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID (PID). This predictable filename is created without exclusive access or existence checks.
A local attacker can pre‑create the predicted temporary file path as a symbolic link pointing to an arbitrary file writable by the victim. When gzexe runs, it follows the symlink and overwrites the target file, resulting in a time‑of‑check to time‑of‑use (TOCTOU) condition that allows arbitrary file overwrite.
This issue has been fixed in the commit 4e6f8b24ab823146ab8776f0b7fe486ab34d4269
Statistics
- 1 Post
Last activity: 18 hours ago
Fediverse
A GNU gzip vulnerability (CVE-2026-41991) lets a local attacker overwrite files through a gzexe symlink attack. Update to the patched gzip release now.
#GNUgzip #gzip #CVE202641991 #CVE202641992 #gzexe #LinuxSecurity #Vulnerability
Overview
- uvnc
- UltraVNC
01 Jul 2026
Published
01 Jul 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.33%
KEV
Description
UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpy_s(saved_password, 64, "adminadmi2"). The HTTP Basic-auth handler wi_decode_auth() checks this password without rate-limiting or lockout. Any remote attacker who can reach the repeater HTTP port (default TCP 80) can authenticate as administrator using the well-known default credential on a fresh or unmodified installation, gaining full control of the repeater configuration including allow/deny rules and session visibility.
Statistics
- 1 Post
Last activity: Last hour
Fediverse
Two UltraVNC repeater vulnerabilities enable arbitrary code execution (CVE-2026-7840) plus admin access via a hardcoded password. Update now.
#UltraVNC #RemoteAccess #CVE20267839 #CVE20267840 #ArbitraryCodeExecution #BufferOverflow #Vulnerability
Overview
- Adobe
- ColdFusion
30 Jun 2026
Published
30 Jun 2026
Updated
CVSS v3.1
CRITICAL (9.3)
EPSS
0.48%
KEV
Description
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read and limited write access. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction. Scope is changed.
Statistics
- 1 Post
Last activity: 6 hours ago
Overview
- Adobe
- ColdFusion
30 Jun 2026
Published
01 Jul 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.92%
KEV
Description
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
Statistics
- 1 Post
Last activity: 6 hours ago
Overview
- Adobe
- ColdFusion
30 Jun 2026
Published
01 Jul 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
1.02%
KEV
Description
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
Statistics
- 1 Post
Last activity: 6 hours ago