Lucene search
+L

2355 matches found

nvd
nvd
added 2026/05/26 6:16 p.m.22 views

CVE-2026-44776

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

5.9CVSS0.0025EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/26 5:29 p.m.38 views

CVE-2026-44776 Kavita: IDOR in /api/Download/*

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

5.9CVSS0.0025EPSS
Exploits0References1
euvd
euvd
added 2026/05/26 5:29 p.m.19 views

EUVD-2026-31937

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

5.9CVSS5.7AI score0.0025EPSS
Exploits0References1
cve
cve
added 2026/05/26 5:29 p.m.23 views

CVE-2026-44776

Kavita (cross‑platform reading server) prior to 0.9.0 did not enforce library‑level authorization for several download and metadata endpoints, allowing a low‑privileged user who knows a chapterId/volumeId/seriesId to access unrelated library content. Affected endpoints include /api/Download/volum...

5.9CVSS5.7AI score0.0025EPSS
Exploits0References1
osv
osv
added 2026/05/26 5:29 p.m.2 views

CVE-2026-44776 Kavita: IDOR in /api/Download/*

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

5.9CVSS5.8AI score0.0025EPSS
Exploits0References3
thn
thn
added 2026/05/25 11:30 a.m.28 views

The Alert Firehose Finally Meets Its Match

Ask a cybersecurity pro about Network Detection and Response NDR and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabilities and you'll hear they're actually using it to catch threats earlier, triage faster, and chase fewer false positive...

5.8AI score
Exploits0
susecve
susecve
added 2026/05/22 2:19 a.m.12 views

SUSE CVE-2026-44069

An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input...

3.9CVSS5.8AI score0.00094EPSS
Exploits0References3
susecve
susecve
added 2026/05/22 2:19 a.m.10 views

SUSE CVE-2026-44076

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path...

6.7CVSS6.2AI score0.0013EPSS
Exploits0References3
github
github
added 2026/05/21 8:17 p.m.13 views

Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables

Summary Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...

6.9CVSS6.2AI score0.00364EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2026/05/21 8:16 a.m.20 views

CVE-2026-44076

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path...

6.7CVSS0.0013EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/21 7:35 a.m.7 views

CVE-2026-44076 Shell injection via volume path

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path...

6.7CVSS6.2AI score0.0013EPSS
Exploits0References1
cve
cve
added 2026/05/21 7:35 a.m.26 views

CVE-2026-44076

CVE-2026-44076 affects Netatalk versions 3.1.0 through 4.4.2, with shell injection via volume path. The issue arises from insufficient sanitization of volume paths and is fixed in 4.4.3. Impact is described as local, with potential for arbitrary code execution by a local privileged user through a...

6.7CVSS6.2AI score0.0013EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/21 7:35 a.m.44 views

CVE-2026-44076 Shell injection via volume path

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path...

6.7CVSS0.0013EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/21 7:35 a.m.8 views

CVE-2026-44076

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path...

6.7CVSS6.2AI score0.0013EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/05/21 7:35 a.m.11 views

EUVD-2026-31219

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path...

6.7CVSS6.2AI score0.0013EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/05/21 7:35 a.m.23 views

CVE-2026-44076

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path...

6.7CVSS6.2AI score0.0013EPSS
Exploits0
vulnrichment
vulnrichment
added 2026/05/21 7:34 a.m.10 views

CVE-2026-44069 Integer underflow in volxlate

An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input...

3.9CVSS5.8AI score0.00094EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/21 7:34 a.m.10 views

CVE-2026-44069

An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input...

3.9CVSS5.8AI score0.00094EPSS
Exploits0References2Affected Software1
alpinelinux
alpinelinux
added 2026/05/21 7:34 a.m.11 views

CVE-2026-44069

An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input...

3.9CVSS5.8AI score0.00094EPSS
Exploits0
cnnvd
cnnvd
added 2026/05/21 12:0 a.m.16 views

Netatalk 操作系统命令注入漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.1.0 to 4.4.2 of Netatalk have a vulnerability related to operating system command injection. This vulnerability stems fr...

6.7CVSS6.1AI score0.0013EPSS
Exploits0References2
Rows per page
Query Builder