|
3341
|
3.1 |
LOW
Network
|
-
|
-
|
A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authen…
|
CWE-561
Dead Code
|
CVE-2026-44057
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3342
|
3.7 |
LOW
Network
|
-
|
-
|
Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of servic…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-44071
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3343
|
3.7 |
LOW
Network
|
-
|
-
|
Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker…
|
CWE-682
Incorrect Calculation
|
CVE-2026-44074
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3344
|
3.7 |
LOW
Network
|
-
|
-
|
A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session op…
|
CWE-484
|
CVE-2026-44075
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3345
|
3.7 |
LOW
Network
|
-
|
-
|
A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited da…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-7837
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3346
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files.
This issue affects Gift Cards For WooCommerce Pro: from n/a th…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-45444
|
2026-05-22 00:19 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3347
|
6.1 |
MEDIUM
Network
|
-
|
-
|
TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse() function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload cont…
|
CWE-79
Cross-site Scripting
|
CVE-2026-47099
|
2026-05-22 00:19 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3348
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get_sponsored_meta AJAX action due to missing validation on…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-1881
|
2026-05-22 00:19 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3349
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all version…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4811
|
2026-05-22 00:19 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3350
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitizatio…
|
CWE-79
Cross-site Scripting
|
CVE-2026-1543
|
2026-05-22 00:19 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
