Export limit exceeded: 351962 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351962 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351962 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44068 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.6 High |
| Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names. | ||||
| CVE-2023-3898 | 1 Mayanets | 1 E-commerce | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 1.1. | ||||
| CVE-2026-44062 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data. | ||||
| CVE-2026-44061 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 5.9 Medium |
| Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis. | ||||
| CVE-2026-44060 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request. | ||||
| CVE-2023-4034 | 1 Digitatek | 1 Smartrise Document Management System | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection. This issue affects Smartrise Document Management System: before Hvl-2.0. | ||||
| CVE-2026-44052 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials. | ||||
| CVE-2023-4178 | 1 Neutron | 1 Smart Vms | 2026-05-21 | 9.8 Critical |
| Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass. This issue affects Neutron Smart VMS: before b1130.1.0.1. | ||||
| CVE-2026-44063 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 4.2 Medium |
| An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input. | ||||
| CVE-2026-44050 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 9.9 Critical |
| A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service. | ||||
| CVE-2026-44049 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data. | ||||
| CVE-2026-9152 | 1 Altium | 1 Altium 365 | 2026-05-21 | N/A |
| A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's identifier can interact with that workspace's search index, crossing tenant boundaries. Successful exploitation allows reading a workspace's indexed contents (such as component data, project and folder names, and user metadata) and injecting, modifying, or deleting search index entries. These operations affect the search index only, not the underlying vault data, but they can disclose sensitive workspace information and compromise the integrity and availability of search results. Altium 365 cloud deployments are affected; on-premise Altium Enterprise Server is not affected. | ||||
| CVE-2023-4231 | 1 Cevik | 1 Informatics Online Payment System | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection. This issue affects Online Payment System: before 4.09. | ||||
| CVE-2026-44048 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 8.8 High |
| A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service. | ||||
| CVE-2026-44047 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 8.8 High |
| An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service. | ||||
| CVE-2026-44051 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 8.1 High |
| An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation. | ||||
| CVE-2026-2734 | 1 Mlflow | 1 Mlflow/mlflow | 2026-05-21 | 6.5 Medium |
| In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registered models, regardless of their permission level. The issue arises due to the absence of `SearchModelVersions` in the `BEFORE_REQUEST_VALIDATORS` and `AFTER_REQUEST_HANDLERS` for the REST API, and its omission from `GraphQLAuthorizationMiddleware.PROTECTED_FIELDS` for GraphQL. This vulnerability can expose sensitive information such as model names, version descriptions, source URIs, tags, and other metadata, potentially revealing proprietary or confidential details in multi-tenant environments. The issue is resolved in version 3.10.0. | ||||
| CVE-2026-4055 | 1 Mattermost | 1 Mattermost | 2026-05-21 | 4.3 Medium |
| Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request. Mattermost Advisory ID: MMSA-2026-00629 | ||||
| CVE-2026-22880 | 1 Mattermost | 1 Mattermost | 2026-05-21 | 6.1 Medium |
| Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO code exchange flow through the mobile application. Mattermost Advisory ID: MMSA-2025-00564 | ||||
| CVE-2026-44053 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.4 High |
| Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack. | ||||