46 matches found
CVE-2026-44072
Netatalk 2.2.1 through 4.4.2 calls system after a failed chdir without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions...
CVE-2026-44072
Netatalk 2.2.1–4.4.2 is affected by a vulnerability where system() is invoked after a failed chdir(), allowing an attacker with local access to trigger unintended commands or cause a minor service disruption under specific conditions. The issue stems from improper handling of the error condition ...
CVE-2026-44072 system() after failed chdir()
Netatalk 2.2.1 through 4.4.2 calls system after a failed chdir without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions...
CVE-2026-26366
eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials user:user, admin:admin that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitiv...
CVE-2026-26367 JUNG eNet SMART HOME server 2.2.1/2.3.1 Arbitrary User Deletion via deleteUserAccount
eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user UGUSER to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce...
CVE-2026-26366 JUNG eNet SMART HOME server 2.2.1/2.3.1 Use of Default Credentials
eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials user:user, admin:admin that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitiv...
PT-2026-8250
Name of the Vulnerable Software and Affected Versions: eNet SMART HOME server versions 2.2.1 and 2.3.1. Description: The eNet SMART HOME server is affected by a default credentials issue. The server ships with default credentials 'user:user', 'admin:admin' that remain active after installation and...
n8n Security Vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.9 and 2.2.1 contained security vulnerabilities. These vulnerabilities were due to improper handling of the Markdown rendering component, which could lead to cross-site scripting attacks,...
WordPress plugin Appointments Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
CVE-2025-58962 WordPress Publitio Plugin <= 2.2.1 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in publitio Publitio publitio allows Server Side Request Forgery. This issue affects Publitio: from n/a through <= 2.2.1...
CVE-2025-5844
The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subHeadingTagName’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Radius Blocks plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via subHeadingTagName Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via subHeadingTagName Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Radius Blocks versions <= 2.2.1...
go-api-starter (>=0.0.0 <=1.3.0), redux-starter (>=0.0.0 <=1.1.0) potentially affected by unknown CVE via kik-starter (>=0.0.1 <=2.2.1)
kik-starter NPM version =0.0.1, =0.0.0, =0.0.0, =1.1.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-24454...
CVE-2025-49047
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in keeross DigitalOcean Spaces Sync do-spaces-sync allows Stored XSS. This issue affects DigitalOcean Spaces Sync: from n/a through <= 2.2.1...
CVE-2025-49509
Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Audio Editor & Recorder: from n/a through <= 2.2.1...
CVE-2024-10357
The Clever Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.1 via the getTemplateContent function in src/widgets/class-clever-widget-base.php. This makes it possible for authenticated attackers, with...
adbdgl-adapter (>=1.0.0 <=3.0.1), alignn (>=2021.9.29 <=2025.4.1) +95 more potentially affected by unknown CVE via dgl (>=0.5.3 <=2.2.1)
dgl PYPI version =0.5.3, =1.0.0, =2021.9.29, =2022.10.23, =0.0.4, =1.0.0, =1.0.0, =0.1.0, =1.0.21, =0.1.1, =1.0.0b3, =0.0.1, =0.2.0, =1.26.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-3X5X-FW77-G54C...
adbdgl-adapter (>=1.0.0 <=3.0.1), alignn (>=2021.9.29 <=2025.4.1) +95 more potentially affected by unknown CVE via dgl (>=0.5.3 <=2.2.1)
dgl PYPI version =0.5.3, =1.0.0, =2021.9.29, =2022.10.23, =0.0.4, =1.0.0, =1.0.0, =0.1.0, =1.0.21, =0.1.1, =1.0.0b3, =0.0.1, =0.2.0, =1.26.2 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DGL-9295806...