EUVD-2026-33228
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...
CVE-2026-5343 SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...
CVE-2026-5343
CVE-2026-5343 affects the Drupal SAML SSO - Service Provider module. The issue is an improper check for unusual or exceptional conditions that enables privilege escalation. Affected versions are 0.0.0 up to, but not including, 3.1.4. The CVSSv3.1 vector indicates NETWORK attack, high complexity, ...
Drupal SAML SSO - Service Provider Security Vulnerability
Drupal SAML SSO – Service Provider is a Drupal Single Sign-On and SAML authentication module provided by the Drupal company. Versions of Drupal SAML SSO – Service Provider prior to 3.1.4 contained a security vulnerability. This vulnerability stemmed from improper exception condition checks, which...
OPENSUSE-SU-2026:10870-1 389-ds-3.1.4+e9d94d45a-1.1 on GA media
These are all security issues fixed in the 389-ds-3.1.4+e9d94d45a-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-44055
A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code...
CVE-2026-44055
Netatalk 3.1.4–4.4.2 contains a bitwise OR/logic bug that permits shell injection. The issue affects Netatalk’s AFP implementation and can lead to remote command execution (high impact). Fixed in version 4.4.3. Affected: Netatalk 3.1.4–4.4.2; Remediation: upgrade to 4.4.3 or later. Exploitation s...
Netatalk OS Command Injection Vulnerability
Netatalk is open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.1.4 to 4.4.2 of Netatalk contained a vulnerability related to operating system command injection. This vulnerability...
PT-2026-42412
Name of the Vulnerable Software and Affected Versions Netatalk versions 3.1.4 through 4.4.2 Description A logic error involving bitwise OR operations allows a remote authenticated attacker to perform shell injection, enabling the execution of arbitrary OS commands. Recommendations Update to versi...
Astra Linux - vulnerability in jinja2
Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys that contain non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each of these characters would be interpreted as the start of a separate attribute. If an...
JLSEC-2026-499
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...
GHSA-C9PH-GXWW-7744 Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns
Impact A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.4.RELEASE. Although the library provides mechanisms to avoid the execution of potentially dangerous expressions in some specific sandboxed restricted contexts, it fails to...
Security Bulletin:Werkzeug Safe Join Function Vulnerability: Path Segments with Windows Device Names Prior to Version 3.1.4
Summary Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc. that are implicitly present and readable in every directory...
CVE-2026-2892
Summary (CVE-2026-2892): The Otter Blocks WordPress plugin (all versions up to 3.1.4) is vulnerable to a Purchase Verification Bypass. The root cause is the get_customer_data function relying on an unsigned o_stripe_data cookie to determine Stripe product ownership for unauthenticated users, whil...
CVE-2018-25312 LifeSize ClearSea 3.1.4 Directory Traversal Remote Code Execution
LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endpoint with directory traversal sequences to write files to...
CVE-2026-40478
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly...
CVE-2026-40478
CVE-2026-40478 affects the Thymeleaf Java template engine (versions up to 3.1.3.RELEASE). A security bypass allows unauthenticated SSTI by passing unvalidated input to the expression evaluation mechanism; this is fixed in 3.1.4.RELEASE. Connected sources consistently state the root cause as impro...
CVE-2026-40478 Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly...