Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| # | POC Description | Source Link | Shenlong Link |
|---|
| CVE-2026-7840 | 9.8 CRITICAL | UltraVNC repeater HTTP server global buffer overflow via long URI (pre-auth RCE) |
| CVE-2026-7839 | 9.1 CRITICAL | UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin ac |
| CVE-2026-7838 | 8.8 HIGH | UltraVNC viewer heap buffer overflow via integer overflow in RFB connection-failure reason |
| CVE-2026-7831 | 7.5 HIGH | UltraVNC viewer off-by-one stack overflow in ServerInit desktop name parsing |
| CVE-2026-7829 | 7.2 HIGH | UltraVNC repeater authenticated out-of-bounds write in rule parser via oversized token |
| CVE-2026-7828 | 5.3 MEDIUM | UltraVNC repeater integer overflow in win_log malloc leading to heap overflow |
| CVE-2026-44040 | 4.8 MEDIUM | UltraVNC vncauth.c uses time-seeded libc rand() to generate VNC authentication challenge b |
| CVE-2026-44041 | 4.3 MEDIUM | UltraVNC vncWc2Mb calls wcslen() before validating that the wide string is NUL-terminated |
| CVE-2026-44042 | 3.7 LOW | UltraVNC repeater wi_uudecode off-by-one in base64 decode boundary check |
No comments yet