Lucene search
+L

1256 matches found

Vulnrichment
Vulnrichment
added 2026/05/27 8:47 a.m.10 views

CVE-2026-48877 WordPress GenerateBlocks plugin <= 2.1.0 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0...

6.5CVSS5.8AI score0.00298EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

WordPress plugin GenerateBlocks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.8AI score0.00298EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/26 11:38 p.m.11 views

@fedify/botkit (>=0.4.0-dev.184 <=0.5.0-dev.198), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.5.0-dev.198) +1 more potentially affected by CVE-2026-42462 via @fedify/fedify (>=2.1.0 <=2.1.13)

@fedify/fedify NPM version =2.1.0, =0.4.0-dev.184, =0.4.0-dev.184, =2.1.0, =2.1.13 Source cves: CVE-2026-42462 Source advisory: OSV:GHSA-9RFG-V8G9-9367...

7CVSS5.4AI score0.00171EPSS
Exploits0
CVE
CVE
added 2026/05/25 8:19 p.m.49 views

CVE-2026-43827

CVE-2026-43827 affects Apache Shiro. In affected versions (1.0–2.1.0 and 3.0.0-alpha-1), an existing session is not invalidated nor a new session with a new ID issued after login, enabling session fixation. Upgraded fixes are available in 2.1.1 and 3.0.0-alpha-2 or later; apply the patch to mitig...

6.5CVSS5.8AI score0.00412EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.21 views

PT-2026-43118

Name of the Vulnerable Software and Affected Versions Apache Shiro versions 1.0 through 2.1.0 Apache Shiro version 3.0.0-alpha-1 Description Default configurations contain a session fixation issue. In the affected versions, when a session already exists, it is not invalidated upon successful logi...

6.5CVSS5.8AI score0.00412EPSS
Exploits0References4
NVD
NVD
added 2026/05/21 8:16 a.m.14 views

CVE-2026-44063

An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input...

4.2CVSS0.00213EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:14 a.m.12 views

CVE-2026-44074

Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths...

3.7CVSS5.8AI score0.00329EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/21 7:34 a.m.15 views

CVE-2026-44068

Incomplete sanitization of extended attribute EA path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names...

7.6CVSS5.8AI score0.00322EPSS
Exploits0
CVE
CVE
added 2026/05/21 7:34 a.m.29 views

CVE-2026-44067

Summary: CVE-2026-44067 affects Netatalk 2.1.0 through 4.4.2, where an EA (extended attribute) header parsing heap over-read can allow a remote, network-accessible attacker to cause information disclosure or a minor service disruption. The issue is fixed in Netatalk 4.5.0. Affected component/vers...

4.2CVSS5.8AI score0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 7:34 a.m.48 views

CVE-2026-44067 EA header parsing heap over-read

A heap over-read in extended attribute EA header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data...

4.2CVSS0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 7:34 a.m.29 views

CVE-2026-44063

Netatalk LDAP filter injection vulnerability affects Netatalk 2.1.0–4.4.2. The flaw allows manipulation of LDAP queries (via crafted filter input) that could disclose limited information or modify LDAP entries. Root cause: insecure LDAP filter handling. Impact is limited to affected versions; rem...

4.2CVSS5.8AI score0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 7:34 a.m.43 views

CVE-2026-44052 LDAP simple-bind password exposure in log output

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

7.5CVSS0.00245EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 7:34 a.m.22 views

CVE-2026-44052

CVE-2026-44052 affects Netatalk versions 2.1.0 through 4.4.2, where ldap simple-bind passwords are exposed in log output. The underlying issue is log exposure of LDAP credentials, enabling an attacker with log access to obtain credentials. The vulnerability is fixed in Netatalk 4.4.3. As per the ...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42419

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.1.0 through 4.4.2 Description An LDAP injection allows a remote authenticated attacker to manipulate LDAP queries. By providing crafted filter input, an attacker can obtain limited information or modify LDAP entries. LDAP...

4.2CVSS5.8AI score0.00213EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Netatalk 路径遍历漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.1.0 to 4.4.2 of Netatalk contained a path traversal vulnerability. This vulnerability stemmed from incomplete cleanup of...

7.6CVSS5.8AI score0.00322EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in yajl

There is a memory leak in yajl 2.1.0 when using the yajltreeparse function. This can lead to out-of-memory issues on the server and cause crashes...

6.5CVSS6.6AI score0.01129EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.8 views

SUSE CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/05/15 6:30 p.m.7 views

com.datasqrl.flinkrunner:stdlib-json (>=0.9.0-alpha1 <=0.9.0-alpha2), com.datasqrl:sqrl-discovery (>=0.9.0-alpha1 <=0.9.0-alpha2) +14 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (>=2.1.0 <=2.1.1)

org.apache.flink:flink-table-runtime MAVEN version =2.1.0, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =26.0.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.1 and more Source cves: CVE-2026-35194 Source advisory: SNYK:JAVA-ORGAPACHEFLINK-16799797...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/15 6:30 p.m.6 views

com.datasqrl:sqrl-discovery (>=0.9.0-alpha1 <=0.9.0-alpha2), com.datasqrl:sqrl-planner (>=0.9.0-alpha1 <=0.9.0-alpha2) +2 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-planner_2.12 (>=2.1.0 <=2.1.1)

org.apache.flink:flink-table-planner2.12 MAVEN version =2.1.0, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =2.1.0, =2.1.1 Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/05/14 5:16 p.m.8 views

CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References5
Rows per page
Query Builder