RDP vulnerabilities

Showing 1 - 34 of 34 CVEs

  1. CVE-2026-21533 Published Feb 10, 2026

    Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

  2. CVE-2026-23883 Published Jan 19, 2026

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

  3. CVE-2025-26399 Published Sep 23, 2025

    SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

  4. CVE-2025-47813 Published Jul 10, 2025

    loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.

  5. CVE-2025-48817 Published Jul 8, 2025

    Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  6. CVE-2025-47987 Published Jul 8, 2025

    Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

  7. CVE-2025-49113 Published Jun 2, 2025

    Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

  8. CVE-2025-29966 Published May 13, 2025

    Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.

  9. CVE-2025-26645 Published Mar 11, 2025

    Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  10. CVE-2025-24045 Published Mar 11, 2025

    Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

  11. CVE-2025-24035 Published Mar 11, 2025

    Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

  12. CVE-2025-21297 Published Jan 14, 2025

    Windows Remote Desktop Services Remote Code Execution Vulnerability

  13. CVE-2024-49120 Published Dec 12, 2024

    Windows Remote Desktop Services Remote Code Execution Vulnerability

  14. CVE-2024-49119 Published Dec 12, 2024

    Windows Remote Desktop Services Remote Code Execution Vulnerability

  15. CVE-2024-49075 Published Dec 12, 2024

    Windows Remote Desktop Services Denial of Service Vulnerability

  16. CVE-2024-43599 Published Oct 8, 2024

    Remote Desktop Client Remote Code Execution Vulnerability

  17. CVE-2024-43582 Published Oct 8, 2024

    Remote Desktop Protocol Server Remote Code Execution Vulnerability

  18. CVE-2024-38077 Published Jul 9, 2024

    Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

  19. CVE-2024-38076 Published Jul 9, 2024

    Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

  20. CVE-2023-29352 Published Jun 14, 2023

    Windows Remote Desktop Security Feature Bypass Vulnerability

  21. CVE-2022-22015 Published May 10, 2022

    Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

  22. CVE-2022-23285 Published Mar 9, 2022

    Remote Desktop Client Remote Code Execution Vulnerability

  23. CVE-2022-21893 Published Jan 11, 2022

    Remote Desktop Protocol Remote Code Execution Vulnerability

  24. CVE-2021-41371 Published Nov 10, 2021

    Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

  25. CVE-2021-38631 Published Nov 10, 2021

    Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

  26. CVE-2021-36958 Published Aug 12, 2021

    <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>

  27. CVE-2021-34535 Published Aug 12, 2021

    Remote Desktop Client Remote Code Execution Vulnerability

  28. CVE-2020-16997 Published Nov 11, 2020

    Remote Desktop Protocol Server Information Disclosure Vulnerability

  29. CVE-2020-16896 Published Oct 16, 2020

    <p>An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services.</p> <p>The update addresses the vulnerability by correcting how RDP handles connection requests.</p>

  30. CVE-2020-0660 Published Feb 11, 2020

    A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.

  31. CVE-2020-0612 Published Jan 14, 2020

    A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'.

  32. CVE-2020-0611 Published Jan 14, 2020

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

  33. CVE-2020-0610 Published Jan 14, 2020

    A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609.

  34. CVE-2020-0609 Published Jan 14, 2020

    A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610.