Export limit exceeded: 351981 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351981 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44049 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data. | ||||
| CVE-2025-67972 | 2 Fox-themes, Wordpress | 2 Prague, Wordpress | 2026-05-21 | 4.3 Medium |
| Missing Authorization vulnerability in Zoho Mail Zoho ZeptoMail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho ZeptoMail: from n/a through 3.2.9. | ||||
| CVE-2023-4674 | 1 Yaztekteknoloji | 1 E-commerce | 2026-05-21 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-7836 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 3.1 Low |
| An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input. | ||||
| CVE-2026-45252 | 2026-05-21 | N/A | ||
| When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel module calls strlen() on this daemon-supplied buffer without first verifying that the entire list is NUL-terminated. If a malicious daemon sends a non-NUL-terminated list, the fusefs kernel module may read beyond the end of one heap-allocated buffer and potentially write beyond the end of a second buffer. A malicious daemon could disclose up to 253 bytes of kernel heap memory, or it could inject up to 250 attacker-controlled bytes into unallocated kernel heap space. | ||||
| CVE-2026-44056 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 6 Medium |
| A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data. | ||||
| CVE-2023-4670 | 1 Innosa Probbys Project | 1 Innosa Probbys | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection. This issue affects Probbys: before 2. | ||||
| CVE-2026-4055 | 1 Mattermost | 1 Mattermost | 2026-05-21 | 4.3 Medium |
| Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request. Mattermost Advisory ID: MMSA-2026-00629 | ||||
| CVE-2026-44051 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 8.1 High |
| An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation. | ||||
| CVE-2026-44052 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials. | ||||
| CVE-2026-44054 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 6.5 Medium |
| Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism. | ||||
| CVE-2026-44055 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code. | ||||
| CVE-2026-44060 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request. | ||||
| CVE-2026-44061 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 5.9 Medium |
| Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis. | ||||
| CVE-2026-44064 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.1 High |
| An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request. | ||||
| CVE-2026-44066 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.1 High |
| Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption. | ||||
| CVE-2026-44067 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 3.7 Low |
| A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data. | ||||
| CVE-2026-44069 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 3.4 Low |
| An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input. | ||||
| CVE-2026-44070 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 3.1 Low |
| An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests. | ||||
| CVE-2026-44072 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 2.5 Low |
| Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions. | ||||