CVE-2026-7835 - Format string argument mismatch
CVE ID :CVE-2026-7835
Published : May 21, 2026, 8:16 a.m. | 1 hour, 19 minutes ago
Description :A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7835
Published : May 21, 2026, 8:16 a.m. | 1 hour, 19 minutes ago
Description :A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7836 - hextoint macro uppercase bug
CVE ID :CVE-2026-7836
Published : May 21, 2026, 8:16 a.m. | 1 hour, 19 minutes ago
Description :An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7836
Published : May 21, 2026, 8:16 a.m. | 1 hour, 19 minutes ago
Description :An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22880 - Mobile SSO authentication flow allows credential theft via malicious server
CVE ID :CVE-2026-22880
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO code exchange flow through the mobile application. Mattermost Advisory ID: MMSA-2025-00564
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-22880
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO code exchange flow through the mobile application. Mattermost Advisory ID: MMSA-2025-00564
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-27349 - WordPress Mail Mint plugin <= 1.19.5 - Sensitive Data Exposure vulnerability
CVE ID :CVE-2026-27349
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-27349
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-27393 - WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability
CVE ID :CVE-2026-27393
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-27393
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-44057 - Dead bounds check in Spotlight RPC unmarshaller
CVE ID :CVE-2026-44057
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC requests.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-44057
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC requests.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-44071 - FORTIFY_SOURCE disabled
CVE ID :CVE-2026-44071
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of service via memory errors that would otherwise be caught and safely terminated by runtime protection.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-44071
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of service via memory errors that would otherwise be caught and safely terminated by runtime protection.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-44074 - Bitwise OR of errno values
CVE ID :CVE-2026-44074
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-44074
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-44075 - Missing break in DSI OpenSession
CVE ID :CVE-2026-44075
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service disruption via crafted DSI session options.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-44075
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service disruption via crafted DSI session options.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-45250 - Stack buffer overflow via setcred(2)
CVE ID :CVE-2026-45250
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capacity of that buffer, a stack buffer overflow occurs. Because the bounds check on the supplementary groups list occurs after the kernel stack buffer has already been written, an unprivileged local user may trigger the overflow without holding any special privilege. Successful exploitation may allow an attacker to execute arbitrary code in the context of the kernel, allowing an unprivileged local user to gain elevated privileges on the affected system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45250
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capacity of that buffer, a stack buffer overflow occurs. Because the bounds check on the supplementary groups list occurs after the kernel stack buffer has already been written, an unprivileged local user may trigger the overflow without holding any special privilege. Successful exploitation may allow an attacker to execute arbitrary code in the context of the kernel, allowing an unprivileged local user to gain elevated privileges on the affected system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-4858 - Path traversal in integration action URL leading to arbitrary API execution via system admin’s auth token.
CVE ID :CVE-2026-4858
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an arbitrary API via system admin Mattermost auth token using via path traversal in integration action URL.. Mattermost Advisory ID: MMSA-2026-00640
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-4858
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an arbitrary API via system admin Mattermost auth token using via path traversal in integration action URL.. Mattermost Advisory ID: MMSA-2026-00640
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-5433 - Improper Sanitization in CNM Web Interface
CVE ID :CVE-2026-5433
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remote Code Execution (RCE).
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-5433
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remote Code Execution (RCE).
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-5434 - Improper storage of sensitive information
CVE ID :CVE-2026-5434
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-5434
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7837 - TOCTOU with root privilege in ad_flush
CVE ID :CVE-2026-7837
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7837
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-9157 - Remote Code Execution in Gmission Web FAX
CVE ID :CVE-2026-9157
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-9157
Published : May 21, 2026, 9:16 a.m. | 19 minutes ago
Description :Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-28764 - MediaArea MediaInfoLib LXF Element Parsing Heap-Based Buffer Overflow Vulnerability
CVE ID :CVE-2026-28764
Published : May 21, 2026, 10:16 a.m. | 3 hours, 20 minutes ago
Description :MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-28764
Published : May 21, 2026, 10:16 a.m. | 3 hours, 20 minutes ago
Description :MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-39461 - select(2) file descriptor set overflow causes stack overflow
CVE ID :CVE-2026-39461
Published : May 21, 2026, 10:16 a.m. | 3 hours, 20 minutes ago
Description :libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limit of FD_SETSIZE (1024). An attacker able to cause an application using libcasper(3) to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, may trigger stack corruption. If the target application runs with setuid root privileges, this could be used to escalate local privileges.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-39461
Published : May 21, 2026, 10:16 a.m. | 3 hours, 20 minutes ago
Description :libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limit of FD_SETSIZE (1024). An attacker able to cause an application using libcasper(3) to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, may trigger stack corruption. If the target application runs with setuid root privileges, this could be used to escalate local privileges.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-41999 - Incorrect Behaviour of Views with TCP PROXY Requests
CVE ID :CVE-2026-41999
Published : May 21, 2026, 10:16 a.m. | 3 hours, 20 minutes ago
Description :Incorrect Behaviour of Views with TCP PROXY Requests
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-41999
Published : May 21, 2026, 10:16 a.m. | 3 hours, 20 minutes ago
Description :Incorrect Behaviour of Views with TCP PROXY Requests
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-42000 - Insufficient Validation of Names During AXFR
CVE ID :CVE-2026-42000
Published : May 21, 2026, 10:16 a.m. | 3 hours, 20 minutes ago
Description :Insufficient Validation of Names During AXFR
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-42000
Published : May 21, 2026, 10:16 a.m. | 3 hours, 20 minutes ago
Description :Insufficient Validation of Names During AXFR
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-42001 - Insufficient Validation of Autoprimary SOA Queries
CVE ID :CVE-2026-42001
Published : May 21, 2026, 10:16 a.m. | 3 hours, 20 minutes ago
Description :Insufficient Validation of Autoprimary SOA Queries
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-42001
Published : May 21, 2026, 10:16 a.m. | 3 hours, 20 minutes ago
Description :Insufficient Validation of Autoprimary SOA Queries
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-42002 - Concurrency and locking defects in GSS-TSIG
CVE ID :CVE-2026-42002
Published : May 21, 2026, 10:16 a.m. | 3 hours, 20 minutes ago
Description :Concurrency and locking defects in GSS-TSIG
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-42002
Published : May 21, 2026, 10:16 a.m. | 3 hours, 20 minutes ago
Description :Concurrency and locking defects in GSS-TSIG
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...