|
2771
|
- |
|
-
|
-
|
A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of …
|
CWE-306
CWE-639
Missing Authentication for Critical Function
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9152
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2772
|
8.4 |
HIGH
Local
|
-
|
-
|
Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion.
This issue affects Web Fax: from 3.0 before 3.1.
|
CWE-20
CWE-434
Improper Input Validation
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-9157
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2773
|
5.3 |
MEDIUM
Network
|
isc
|
bind
|
BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resou…
|
CWE-408
Incorrect Behavior Order: Early Amplification
|
CVE-2026-3592
|
2026-05-22 00:24 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2774
|
8.8 |
HIGH
Network
|
-
|
-
|
An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial o…
|
CWE-89
SQL Injection
|
CVE-2026-44047
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2775
|
8.8 |
HIGH
Network
|
-
|
-
|
A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of servi…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-44048
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2776
|
7.5 |
HIGH
Network
|
-
|
-
|
An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of serv…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-44049
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2777
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-44050
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2778
|
8.1 |
HIGH
Network
|
-
|
-
|
An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink c…
|
CWE-59
Link Following
|
CVE-2026-44051
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2779
|
7.5 |
HIGH
Network
|
-
|
-
|
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-44052
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2780
|
7.4 |
HIGH
Network
|
-
|
-
|
Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic at…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-44053
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
