Latest CVE Feed
Vulnerabilities published in the last 30 days.
Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially…
The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-…
Honeywell Control Network Module (CNM) contains a command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Rem…
Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6.
Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Ma…
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a t…
In Netatalk 2.0.0 through 4.4.2, hextoint macro uppercase bug. Fixed in 4.5.0.
In Netatalk 3.0.3 through 4.4.2, format string argument mismatch. Fixed in 4.5.0.
Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team when creating a playbook run which allows an authenticated team member to create runs in…
In Netatalk 3.1.0 through 4.4.2, shell injection via volume path. Fixed in 4.4.3.
In Netatalk 1.5.0 through 4.4.2, seteuid failure ignored in auth modules. Fixed in 4.5.0.
In Netatalk 2.2.1 through 4.4.2, system() after failed chdir(). Fixed in 4.5.0.
In Netatalk 2.0.0 through 4.4.2, unbounded realloc in charset conversion. Fixed in 4.5.0.
In Netatalk 3.0.0 through 4.4.2, integer underflow in volxlate. Fixed in 4.5.0.
In Netatalk 2.1.0 through 4.4.2, EA path traversal via incomplete sanitization. Fixed in 4.4.3.
In Netatalk 2.1.0 through 4.4.2, EA header parsing heap over-read. Fixed in 4.5.0.
In Netatalk 3.1.0 through 4.4.2, heap out-of-bounds reads in Spotlight RPC unmarshalling. Fixed in 4.4.3.
In Netatalk 2.0.0 through 4.4.2, off-by-two in papd lp_write(). Fixed in 4.5.0.
In Netatalk 1.3 through 4.4.2, ASP session ID out-of-bounds access. Fixed in 4.4.3.
In Netatalk 2.1.0 through 4.4.2, LDAP filter injection. Fixed in 4.5.0.