Search Results (352097 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44072 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 2.5 Low |
| Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions. | ||||
| CVE-2026-9139 | 1 Taiko | 1 Ag1000-01a Sms Alert Gateway | 2026-05-21 | 9.8 Critical |
| Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source. Unauthenticated attackers with network access can recover administrative credentials directly from the client-side validate() function to obtain full administrative access to the device. | ||||
| CVE-2026-44075 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 3.7 Low |
| A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service disruption via crafted DSI session options. | ||||
| CVE-2023-3716 | 1 Oduyo | 1 Online Collection | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection. This issue affects Online Collection Software: before 1.0.1. | ||||
| CVE-2026-7837 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 3.7 Low |
| A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions. | ||||
| CVE-2026-44067 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 3.7 Low |
| A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data. | ||||
| CVE-2026-44066 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.1 High |
| Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption. | ||||
| CVE-2026-44065 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 3.7 Low |
| An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data. | ||||
| CVE-2026-9133 | 1 Aws | 1 Rabbitmq Aws | 2026-05-21 | 7.7 High |
| Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. To remediate this issue, customers should upgrade to version 0.2.1 of rabbitmq-aws. If RabbitMQ is configured to use TLS for connections, we also recommend rotating any associated private certificate keys. | ||||
| CVE-2023-3717 | 1 Farmakom | 1 Remote Administration Console | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administration Console: before 1.02. | ||||
| CVE-2026-47782 | 1 Siber Systems | 1 Android App | 2026-05-21 | N/A |
| Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor notification. | ||||
| CVE-2026-44064 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.1 High |
| An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request. | ||||
| CVE-2026-44068 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.6 High |
| Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names. | ||||
| CVE-2023-3898 | 1 Mayanets | 1 E-commerce | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 1.1. | ||||
| CVE-2026-44062 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data. | ||||
| CVE-2026-44061 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 5.9 Medium |
| Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis. | ||||
| CVE-2026-44060 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request. | ||||
| CVE-2023-4034 | 1 Digitatek | 1 Smartrise Document Management System | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection. This issue affects Smartrise Document Management System: before Hvl-2.0. | ||||
| CVE-2026-44052 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials. | ||||
| CVE-2023-4178 | 1 Neutron | 1 Smart Vms | 2026-05-21 | 9.8 Critical |
| Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass. This issue affects Neutron Smart VMS: before b1130.1.0.1. | ||||