Every CVE whose affected-product data names Uvnc Ultravnc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (36)
CVE-2018-15361 — CVSS 9.8 (critical): UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack…
CVE-2019-8258 — CVSS 9.8 (critical): UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be…
CVE-2019-8260 — CVSS 9.8 (critical): UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. This…
CVE-2019-8261 — CVSS 9.8 (critical): UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow…
CVE-2019-8262 — CVSS 9.8 (critical): UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code…
CVE-2019-8264 — CVSS 9.8 (critical): UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code…
CVE-2019-8265 — CVSS 9.8 (critical): UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client…
CVE-2019-8266 — CVSS 9.8 (critical): UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer…
CVE-2019-8268 — CVSS 9.8 (critical): UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadStr…
CVE-2019-8271 — CVSS 9.8 (critical): UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially…
CVE-2019-8272 — CVSS 9.8 (critical): UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This…
CVE-2019-8273 — CVSS 9.8 (critical): UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can…
CVE-2019-8274 — CVSS 9.8 (critical): UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can…
CVE-2019-8275 — CVSS 9.8 (critical): UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being…
CVE-2019-8280 — CVSS 9.8 (critical): UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code…
CVE-2026-7839 — CVSS 9.1 (critical): UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings…
CVE-2026-7838 — CVSS 8.8 (high): UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing…
CVE-2022-24750 — CVSS 8.8 (high): UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM…
CVE-2026-7831 — CVSS 7.6 (high): UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In…
CVE-2019-8259 — CVSS 7.5 (high): UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be…
CVE-2020-37133 — CVSS 7.5 (high): UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to…
CVE-2019-8269 — CVSS 7.5 (high): UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial…
CVE-2019-8276 — CVSS 7.5 (high): UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result…
CVE-2019-8277 — CVSS 7.5 (high): UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can…
CVE-2019-8270 — CVSS 7.5 (high): UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service…
CVE-2019-8267 — CVSS 7.5 (high): UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service…
CVE-2026-7830 — CVSS 7.4 (high): UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp…
CVE-2026-7829 — CVSS 7.2 (high): UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In…
CVE-2026-4962 — CVSS 7.0 (high): A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library…
CVE-2026-3787 — CVSS 7.0 (high): A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the…
CVE-2019-8263 — CVSS 6.5 (medium): UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a…
CVE-2020-37132 — CVSS 6.2 (medium): UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers…
CVE-2026-7828 — CVSS 5.3 (medium): UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the…
CVE-2026-44040 — CVSS 4.8 (medium): UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In…
CVE-2026-44041 — CVSS 4.3 (medium): UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the…
CVE-2026-44042 — CVSS 3.7 (low): UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In…