Export limit exceeded: 352051 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352051 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39310 | 1 Triliumnext | 1 Trilium | 2026-05-21 | 8.6 High |
| Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop (v0.101.3) allows full authentication bypass when running in an Electron environment. When Trilium detects an Electron environment, it explicitly disables authentication middleware for the Clipper API, exposing endpoints such as /api/clipper/notes to the network with no password, API token, or CSRF protection. An attacker on a shared network (for example, a corporate LAN or public Wi-Fi) can scan for open high-range ports using a tool like nmap, since Trilium often binds to ports such as 37840. Once a candidate port is found, an unauthenticated request to the Clipper handshake endpoint, which also bypasses authentication, confirms a Trilium instance by returning the application name and protocol version. This facilitates unauthorized data access, phishing, and local system compromise. The issue has been fixed in version 0.102.2. | ||||
| CVE-2023-3653 | 1 Digital-ant | 1 Digital Ant | 2026-05-21 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS. This issue affects E-Commerce Software: before 11. | ||||
| CVE-2026-44069 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 3.4 Low |
| An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input. | ||||
| CVE-2026-44070 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 3.1 Low |
| An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests. | ||||
| CVE-2026-44072 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 2.5 Low |
| Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions. | ||||
| CVE-2026-9139 | 1 Taiko | 1 Ag1000-01a Sms Alert Gateway | 2026-05-21 | 9.8 Critical |
| Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source. Unauthenticated attackers with network access can recover administrative credentials directly from the client-side validate() function to obtain full administrative access to the device. | ||||
| CVE-2026-44075 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 3.7 Low |
| A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service disruption via crafted DSI session options. | ||||
| CVE-2023-3716 | 1 Oduyo | 1 Online Collection | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection. This issue affects Online Collection Software: before 1.0.1. | ||||
| CVE-2026-7837 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 3.7 Low |
| A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions. | ||||
| CVE-2026-44067 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 3.7 Low |
| A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data. | ||||
| CVE-2026-44066 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.1 High |
| Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption. | ||||
| CVE-2026-44065 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 3.7 Low |
| An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data. | ||||
| CVE-2026-9133 | 1 Aws | 1 Rabbitmq Aws | 2026-05-21 | 7.7 High |
| Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. To remediate this issue, customers should upgrade to version 0.2.1 of rabbitmq-aws. If RabbitMQ is configured to use TLS for connections, we also recommend rotating any associated private certificate keys. | ||||
| CVE-2023-3717 | 1 Farmakom | 1 Remote Administration Console | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administration Console: before 1.02. | ||||
| CVE-2026-47782 | 1 Siber Systems | 1 Android App | 2026-05-21 | N/A |
| Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor notification. | ||||
| CVE-2026-44064 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.1 High |
| An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request. | ||||
| CVE-2026-44068 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.6 High |
| Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names. | ||||
| CVE-2023-3898 | 1 Mayanets | 1 E-commerce | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 1.1. | ||||
| CVE-2026-44062 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data. | ||||
| CVE-2026-44061 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 5.9 Medium |
| Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis. | ||||