16 matches found
SUSE CVE-2026-7835
A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...
CVE-2026-44069
An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input...
CVE-2026-44073
Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid, which may allow a remote authenticated attacker to retain elevated privileges under error conditions...
CVE-2026-7835
Netatalk 3.0.3–4.4.2 are affected by a format string argument mismatch. The issue (CVE-2026-7835) is fixed in 4.5.0. Debates indicate a remote authenticated attacker could cause a minor denial of service via crafted input; CVSS indicates Low impact. Recommended remediation: upgrade to Netatalk 4....
CVE-2026-7835
A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...
CVE-2026-44072
Netatalk 2.2.1–4.4.2 is affected by a vulnerability where system() is invoked after a failed chdir(), allowing an attacker with local access to trigger unintended commands or cause a minor service disruption under specific conditions. The issue stems from improper handling of the error condition ...
CVE-2026-44072 system() after failed chdir()
Netatalk 2.2.1 through 4.4.2 calls system after a failed chdir without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions...
CVE-2026-44066 Heap out-of-bounds reads in Spotlight RPC unmarshalling
Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption...
CVE-2026-44058
CVE-2026-44058 affects Netatalk 2.2.2 through 4.4.2 and allows an authentication bypass via the admin auth user mechanism. Root cause described as an authentication bypass, enabling a remote attacker to authenticate as an arbitrary user. The issue is fixed in Netatalk 4.5.0. The CVSS v3.1 baselin...
WordPress Maximum Products per User for WooCommerce plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Maximum Products per User for WooCommerce versions <= 4.4.3...
CVE-2023-49183
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS. This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2...
Access Control Bypass
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to improper verification of message recipients in the non-respondents report feature. An attacker can send messages to arbitrary site users by exploiting this verification...
WordPress Plugin Download Paytium Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2024-18473 · WordPress · Simple Membership
Name of the Vulnerable Software and Affected Versions: Simple Membership plugin for WordPress versions up to, and including, 4.4.2. Description: The issue is related to Stored Cross-Site Scripting via the Display Name parameter due to insufficient input sanitization and output escaping. This allow...
CVE-2022-28819
Adobe Character Animator versions 4.4.2 and earlier and 22.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicio...
security flaw
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed...