Security Vulnerabilities
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
CVSS Score
3.1
EPSS Score
0.0
Published
2026-01-19
HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.
CVSS Score
2.8
EPSS Score
0.0
Published
2026-01-19
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
CVSS Score
2.7
EPSS Score
0.001
Published
2026-01-19
HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised.
CVSS Score
2.4
EPSS Score
0.0
Published
2026-01-19
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client’s `gdi_SurfaceToSurface` path due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-19
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,`freerdp_bitmap_decompress_planar` does not validate `nSrcWidth`/`nSrcHeight` against `planar->maxWidth`/`maxHeight` before RLE decode. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-19
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompress` calls `freerdp_image_copy_no_overlap` without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-19
A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-01-19
A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-01-19
A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-01-19