104 matches found
CVE-2026-44072
Netatalk 2.2.1 through 4.4.2 calls system after a failed chdir without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions...
CVE-2026-44056
A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data...
EUVD-2026-31220
Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid, which may allow a remote authenticated attacker to retain elevated privileges under error conditions...
CVE-2026-44070 Unbounded realloc in charset conversion
An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...
CVE-2026-44069 Integer underflow in volxlate
An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input...
EUVD-2026-31214
A heap over-read in extended attribute EA header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data...
CVE-2026-44067 EA header parsing heap over-read
A heap over-read in extended attribute EA header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data...
CVE-2026-44063
Netatalk LDAP filter injection vulnerability affects Netatalk 2.1.0–4.4.2. The flaw allows manipulation of LDAP queries (via crafted filter input) that could disclose limited information or modify LDAP entries. Root cause: insecure LDAP filter handling. Impact is limited to affected versions; rem...
EUVD-2026-31233
A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...
PT-2026-42413
Name of the Vulnerable Software and Affected Versions: Netatalk versions 1.3 through 4.2.2. Description: A stack-based buffer overflow occurs in desktop.c. This allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data. A stack-based buff...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the Update function. An attacker can cause the process to crash and disrupt service availability by sending a specially crafted BGP UPDATE message with inconsistent attribute lengths that leads to improper...
Devome GRR security vulnerability
Devome GRR is a data collection and analysis platform for forensic analysis and incident response developed by the French company Devome. Version 4.5.0 of Devome GRR contains a security vulnerability. This vulnerability stems from insufficient validation of the referer and user-agent parameters i...
PT-2026-22334
The MailArchiver plugin for WordPress is vulnerable to SQL Injection via the ‘logid’ parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress MailArchiver plugin <= 4.5.0 - Authenticated (Administrator+) SQL Injection via 'logid' Parameter vulnerability
Authenticated Administrator+ SQL Injection via 'logid' Parameter vulnerability discovered by Ronnachai Chaipha rxnr - Reconix Co., Ltd. in WordPress Plugin MailArchiver versions <= 4.5.0...
Improper Control of Dynamically-Managed Code Resources
Overview: Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the Groovy Sandbox. An attacker can execute arbitrary operating system commands by injecting malicious Groovy elements to bypass sandbox restrictions. Remediation: Upgrade...
SUSE CVE-2023-47113
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been...
CVE-2025-62605 Mastodon quotes control can be bypassed
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon version 4.4, support for verifiable quote posts with quote controls was added, but it is possible for an attacker to bypass these controls in Mastodon versions prior to 4.4.8 and 4.5.0-beta.2. Mastodon...
EUVD-2025-35213
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon version 4.4, support for verifiable quote posts with quote controls was added, but it is possible for an attacker to bypass these controls in Mastodon versions prior to 4.4.8 and 4.5.0-beta.2. Mastodon...
EUVD-2020-8230
Malware in sbrugna...
EUVD-2019-0372
Malware in sbrugna...