Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-45251 | HIGH | 7.8 | A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread … | May 21, 2026 |
| CVE-2026-42396 | MEDIUM | 4.9 | Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail | May 21, 2026 |
| CVE-2026-42002 | MEDIUM | 5.9 | Concurrency and locking defects in GSS-TSIG | May 21, 2026 |
| CVE-2026-42001 | HIGH | 7.5 | Insufficient Validation of Autoprimary SOA Queries | May 21, 2026 |
| CVE-2026-42000 | MEDIUM | 6.8 | Insufficient Validation of Names During AXFR | May 21, 2026 |
| CVE-2026-41999 | MEDIUM | 4.8 | Incorrect Behaviour of Views with TCP PROXY Requests | May 21, 2026 |
| CVE-2026-39461 | HIGH | 8.8 | libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does … | May 21, 2026 |
| CVE-2026-28764 | HIGH | 7.8 | MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability | May 21, 2026 |
| CVE-2026-9157 | HIGH | 8.4 | Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from … | May 21, 2026 |
| CVE-2026-7837 | LOW | 3.7 | A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to … | May 21, 2026 |
| CVE-2026-5434 | MEDIUM | 5.9 | Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially … | May 21, 2026 |
| CVE-2026-5433 | CRITICAL | 9.1 | Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in … | May 21, 2026 |
| CVE-2026-4858 | HIGH | 8.0 | Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an … | May 21, 2026 |
| CVE-2026-45250 | HIGH | 7.8 | The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary … | May 21, 2026 |
| CVE-2026-44075 | LOW | 3.7 | A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in … | May 21, 2026 |
| CVE-2026-44074 | LOW | 3.7 | Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow … | May 21, 2026 |
| CVE-2026-44071 | LOW | 3.7 | Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor … | May 21, 2026 |
| CVE-2026-44057 | LOW | 3.1 | A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds … | May 21, 2026 |
| CVE-2026-27393 | MEDIUM | 5.3 | Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through … | May 21, 2026 |
| CVE-2026-27349 | MEDIUM | 4.3 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail … | May 21, 2026 |
| CVE-2026-22880 | MEDIUM | 6.1 | Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling … | May 21, 2026 |
| CVE-2026-7836 | LOW | 3.1 | An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause … | May 21, 2026 |
| CVE-2026-7835 | LOW | 3.1 | A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input … | May 21, 2026 |
| CVE-2026-4055 | MEDIUM | 4.3 | Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team when creating a playbook run which allows an authenticated team … | May 21, 2026 |
| CVE-2026-44076 | MEDIUM | 6.7 | Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a … | May 21, 2026 |