Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

uvnc — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting uvnc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Uvnc is a remote desktop solution enabling system administration and remote access across networks. Historically, it has been susceptible to multiple remote code execution vulnerabilities, often through improper input validation and insecure authentication mechanisms. Privilege escalation flaws have also been common, allowing unauthorized users to gain elevated system access. The software's network-facing nature and complex protocol implementation have contributed to security issues, with four CVEs documenting these weaknesses. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities in remote access tools like Uvnc highlights the importance of proper configuration and timely patching to mitigate potential attack vectors.

CVE IDTitleCVSSSeverityPublished
CVE-2026-7840 UltraVNC repeater HTTP server global buffer overflow via long URI (pre-auth RCE) — UltraVNCCWE-787 9.8 Critical2026-07-01
CVE-2026-7839 UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin access — UltraVNCCWE-798 9.1 Critical2026-07-01
CVE-2026-7838 UltraVNC viewer heap buffer overflow via integer overflow in RFB connection-failure reason length — UltraVNCCWE-190 8.8 High2026-07-01
CVE-2026-7831 UltraVNC viewer off-by-one stack overflow in ServerInit desktop name parsing — UltraVNCCWE-193 7.5 High2026-07-01
CVE-2026-7830 UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception — UltraVNCCWE-326 7.4 High2026-07-01
CVE-2026-7829 UltraVNC repeater authenticated out-of-bounds write in rule parser via oversized token — UltraVNCCWE-787 7.2 High2026-07-01
CVE-2026-7828 UltraVNC repeater integer overflow in win_log malloc leading to heap overflow — UltraVNCCWE-190 5.3 Medium2026-07-01
CVE-2026-44040 UltraVNC vncauth.c uses time-seeded libc rand() to generate VNC authentication challenge bytes — UltraVNCCWE-338 4.8 Medium2026-07-01
CVE-2026-44041 UltraVNC vncWc2Mb calls wcslen() before validating that the wide string is NUL-terminated — UltraVNCCWE-125 4.3 Medium2026-07-01
CVE-2026-44042 UltraVNC repeater wi_uudecode off-by-one in base64 decode boundary check — UltraVNCCWE-193 3.7 Low2026-07-01
CVE-2019-25601 UltraVNC Launcher 1.2.2.4 Denial of Service Buffer Overflow — UltraVNC LauncherCWE-787 6.2 Medium2026-03-22
CVE-2019-25600 UltraVNC Viewer 1.2.2.4 Denial of Service via Buffer Overflow — UltraVNC ViewerCWE-787 6.5 Medium2026-03-22
CVE-2019-25564 PCHelpWareV2 1.0.0.5 Denial of Service via Group Field — PCHelpWareV2CWE-787 5.5 Medium2026-03-21
CVE-2019-25563 PCHelpWareV2 1.0.0.5 Denial of Service via SC Creation — PCHelpWareV2CWE-226 6.2 Medium2026-03-21

This page lists every published CVE security advisory associated with uvnc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.