67 matches found
CVE-2026-8990
A user with physical access to a smartphone can bypass the authentication mechanism of the Kidsview mobile application and grant himself full access to the device owner's account by interacting with the application's push notification. This issue was fixed in version 4.4.3...
CVE-2026-8990
The CVE-2026-8990 entry affects the Kidsview mobile application. A user with physical access can bypass the app’s authentication by interacting with push notifications, granting full access to the device owner’s account. Affected behavior is an authentication bypass via the notification channel, ...
CVE-2026-44060
An integer underflow in dsi_writeinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request...
CVE-2026-44076 Shell injection via volume path
Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path...
EUVD-2026-31240
An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request...
CVE-2026-44064
Netatalk contains an out-of-bounds access in the ASP session ID handling (affecting 1.3 through 4.4.2). This could allow information disclosure or DoS; CVE-2026-44064 is fixed in 4.4.3. Affected: Netatalk 1.3–4.4.2. Root cause: out-of-bounds read in ASP session ID handling. Remediation: upgrade t...
EUVD-2026-31237
An integer underflow in dsi_writeinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request...
EUVD-2026-31230
A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code...
CVE-2026-44052 LDAP simple-bind password exposure in log output
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...
EUVD-2026-31228
An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation...
CVE-2026-44049 Out-of-bounds write in convert_charset() null termination
An out-of-bounds write due to improper null termination in convert_charset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data...
PT-2026-42407
Name of the Vulnerable Software and Affected Versions: Netatalk versions 2.0.4 through 4.4.2. Description: An out-of-bounds write occurs due to improper null termination in the convert_charset function. This allows a remote authenticated attacker to execute arbitrary code or cause a denial of servic...
PT-2026-25868
The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...
CVE-2025-69367 WordPress Oyster - Photography WordPress Theme theme <= 4.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS. This issue affects Oyster - Photography WordPress Theme: from n/a through <= 4.4.3...
WordPress Essential Blocks plugin < 4.4.3 - Unauthenticated Local File Inclusion vulnerability
Unauthenticated Local File Inclusion vulnerability discovered by Marc Montpas in WordPress Plugin Essential Blocks for Gutenberg versions < 4.4.3...
WordPress Oyster - Photography WordPress Theme theme <= 4.4.3 - Cross Site Scripting (XSS) vulnerability
WordPress Oyster - Photography WordPress Theme theme <= 4.4.3 - Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Oyster - Photography WordPress Theme versions <= 4.4.3...
CVE-2026-24593
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data. This issue affects AWP Classifieds: from n/a through <= 4.4.3...
CVE-2026-24593 WordPress AWP Classifieds plugin <= 4.4.3 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data. This issue affects AWP Classifieds: from n/a through <= 4.4.3...
CVE-2026-24593
CVE-2026-24593 affects the WordPress plugin AWP Classifieds (versions 4.4.3 or apply vendor-provided fixes as they become available.
CVE-2025-67718 Formio improperly authorized permission elevation through specially crafted request path
Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized...