15 matches found
CVE-2026-44074
Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths...
CVE-2026-44068
Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names...
Netatalk Path Traversal Vulnerability
Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.1.0 to 4.4.2 of Netatalk contained a path traversal vulnerability. This vulnerability stemmed from incomplete cleanup of...
SUSE CVE-2026-8149
A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X8664, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-LTS: from 2.73.0 before 2.73.11...
CVE-2026-27480
Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...
PT-2025-47205
Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics Local versions 2.1.0 through 2.1.14 Description: IBM Planning Analytics Local versions 2.1.0 through 2.1.14 stores sensitive information within its source code. This could potentially be leveraged in subsequent attacks...
CVE-2025-0987
Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection. This issue affects CVLand: from 2.1.0 through 20251103...
CVE-2025-59833
Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has unlocked them via point deduction. Users can view all hints for free,...
Flag Forge Information Disclosure Vulnerability
Flag Forge is an easy-to-use CTF platform open-sourced by FlagForge. An information disclosure vulnerability exists in Flag Forge versions 2.1.0 through prior to 2.3.0, which stems from an API endpoint where GET /api/problems/:id returns a challenge prompt in plaintext, which could lead to...
PT-2023-15699 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.1.0 through 2.1.0p11 Description: The issue allows an attacker to perform a limited Server-Side Request Forgery (SSRF) in the agent-receiver component, enabling communication with local network restricted endpoints through th...
PT-2023-8901
Name of the Vulnerable Software and Affected Versions: Rack versions 1.5.0 through 2.0.9.1; Rack versions 2.1.0 through 2.1.4.1; Rack versions 2.2.0 through 2.2.6.1; Rack versions 3.0.0 through 3.0.0.0 Description: A denial of service vulnerability in the Range header parsing component of Rack can cau...
Zulip Security Vulnerability
Zulip is a powerful open source group chat application from the Zulip team. Used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations. A logic error vulnerability exists in Zulip versions 2.1.0 through 5.2, which originates when the server incorrectl...
02-infrastructure (=1.0.0), 02vue_toast_demo (>=1.0.0 <=1.0.4) +11750 more potentially affected by CVE-2021-29059 via is-svg (>=2.1.0 <=4.2.2)
is-svg NPM version =2.1.0, =1.0.0, =1.0.4, =5.0.0, =1.0.3, =0.0.1, =1.0.2, =2.0.0, =1.1.8, =1.0.0, =1.0.4 - 4design =0.0.1 and more Source cves: CVE-2021-29059 Source advisory: OSV:GHSA-R8J5-H5CX-65GG...
aglvq (=1.0.0), beacon-trellis (=0.1.0) +64 more potentially affected by CVE-2020-26267 via tensorflow (>=2.1.0 <=2.1.2)
tensorflow PYPI version =2.1.0, =3.0.0, =0.0.1, =0.2.0, =0.0.2, =0.1.0, =1.1.0, =0.2.0rc1, =0.2.0rc3 and more Source cves: CVE-2020-26267 Source advisory: OSV:GHSA-C9F3-9WFR-WGH7...
Mautic Load Page Cross-Site Scripting Vulnerability
Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. A cross-site scripting vulnerability exists in the Mautic loading page in Mautic versions 2.1.0 through 2.11.0. A remote attacker can exploit the...