Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 14261 | Critical: 958 | High: 4182 | Medium: 4527
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-4982 | UNKNOWN | — | A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on … | Mar 27, 2026 |
| CVE-2026-4340 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | Mar 27, 2026 |
| CVE-2026-4622 | UNKNOWN | — | OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to execute arbitrary OS commands via network. | Mar 27, 2026 |
| CVE-2026-4621 | UNKNOWN | — | Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to enable telnet via network. | Mar 27, 2026 |
| CVE-2026-4620 | UNKNOWN | — | OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to execute arbitrary OS commands via network. | Mar 27, 2026 |
| CVE-2026-4619 | UNKNOWN | — | Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to write over any file via network. | Mar 27, 2026 |
| CVE-2026-4309 | UNKNOWN | — | Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to get a specific device information and change the settings via network. | Mar 27, 2026 |
| CVE-2026-25101 | UNKNOWN | — | Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an … | Mar 27, 2026 |
| CVE-2026-25100 | UNKNOWN | — | Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An authenticated attacker with content upload privileges (such as Author, Editor, or … | Mar 27, 2026 |
| CVE-2026-25099 | UNKNOWN | — | Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then … | Mar 27, 2026 |
| CVE-2023-7339 | MEDIUM | 6.5 | Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers. This issue affects pnGate: through 1.30 epGate: through 1.30 mbGate: through 1.30 … | Mar 27, 2026 |
| CVE-2026-3457 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS. This issue affects … | Mar 27, 2026 |
| CVE-2026-27860 | LOW | 3.7 | If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing … | Mar 27, 2026 |
| CVE-2026-27859 | MEDIUM | 5.3 | A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail … | Mar 27, 2026 |
| CVE-2026-27858 | HIGH | 7.5 | Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable … | Mar 27, 2026 |
| CVE-2026-27857 | MEDIUM | 4.3 | Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can … | Mar 27, 2026 |
| CVE-2026-27856 | HIGH | 7.4 | Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring … | Mar 27, 2026 |
| CVE-2026-27855 | MEDIUM | 6.8 | Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials … | Mar 27, 2026 |
| CVE-2026-24031 | HIGH | 7.7 | Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do … | Mar 27, 2026 |
| CVE-2026-0394 | MEDIUM | 5.3 | When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to … | Mar 27, 2026 |
| CVE-2025-59032 | HIGH | 7.5 | ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other … | Mar 27, 2026 |
| CVE-2025-59031 | MEDIUM | 4.3 | Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents … | Mar 27, 2026 |
| CVE-2025-59028 | MEDIUM | 5.3 | When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can … | Mar 27, 2026 |
| CVE-2026-4948 | MEDIUM | 5.5 | A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. … | Mar 27, 2026 |
| CVE-2026-34353 | MEDIUM | 5.9 | In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed. | Mar 27, 2026 |