Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
5.9 MEDIUM
CVE-2026-5434 — Improper storage of sensitive information

Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially…

Remote | Path Traversal
May 21, 2026
0.0 NA
CVE-2026-45250 — Stack buffer overflow via setcred(2)

The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-…

| Memory Corruption
May 21, 2026
9.1 CRITICAL
CVE-2026-5433 — Improper Sanitization in CNM Web Interface

Honeywell Control Network Module (CNM) contains a command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Rem…

Remote | Injection
May 21, 2026
5.3 MEDIUM
CVE-2026-27393 — WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6.

Remote | Authorization
May 21, 2026
6.1 MEDIUM
CVE-2026-22880 — Mobile SSO authentication flow allows credential theft via malicious server

Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Ma…

Remote | Authentication
May 21, 2026
4.3 MEDIUM
CVE-2026-27349 — WordPress Mail Mint plugin <= 1.19.5 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a t…

Remote | Information Disclosure
May 21, 2026
3.1 LOW
CVE-2026-7836 — hextoint macro uppercase bug

In Netatalk 2.0.0 through 4.4.2, hextoint macro uppercase bug. Fixed in 4.5.0.

Remote | Memory Corruption
May 21, 2026
3.1 LOW
CVE-2026-7835 — Format string argument mismatch

In Netatalk 3.0.3 through 4.4.2, format string argument mismatch. Fixed in 4.5.0.

Remote | Injection
May 21, 2026
4.3 MEDIUM
CVE-2026-4055 — Insufficient permission validation on cross-team playbook run creation

Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team when creating a playbook run which allows an authenticated team member to create runs in…

Remote | Authorization
May 21, 2026
6.7 MEDIUM
CVE-2026-44076 — Shell injection via volume path

In Netatalk 3.1.0 through 4.4.2, shell injection via volume path. Fixed in 4.4.3.

| Injection
May 21, 2026
5.0 MEDIUM
CVE-2026-44073 — seteuid failure ignored in auth modules

In Netatalk 1.5.0 through 4.4.2, seteuid failure ignored in auth modules. Fixed in 4.5.0.

Remote | Authentication
May 21, 2026
3.0 LOW
CVE-2026-44072 — system() after failed chdir()

In Netatalk 2.2.1 through 4.4.2, system() after failed chdir(). Fixed in 4.5.0.

| Misconfiguration
May 21, 2026
3.1 LOW
CVE-2026-44070 — Unbounded realloc in charset conversion

In Netatalk 2.0.0 through 4.4.2, unbounded realloc in charset conversion. Fixed in 4.5.0.

Remote | Memory Corruption
May 21, 2026
3.9 LOW
CVE-2026-44069 — Integer underflow in volxlate

In Netatalk 3.0.0 through 4.4.2, integer underflow in volxlate. Fixed in 4.5.0.

| Memory Corruption
May 21, 2026
7.6 HIGH
CVE-2026-44068 — EA path traversal via incomplete sanitization

In Netatalk 2.1.0 through 4.4.2, EA path traversal via incomplete sanitization. Fixed in 4.4.3.

Remote | Path Traversal
May 21, 2026
4.2 MEDIUM
CVE-2026-44067 — EA header parsing heap over-read

In Netatalk 2.1.0 through 4.4.2, EA header parsing heap over-read. Fixed in 4.5.0.

Remote | Memory Corruption
May 21, 2026
7.1 HIGH
CVE-2026-44066 — Heap out-of-bounds reads in Spotlight RPC unmarshalling

In Netatalk 3.1.0 through 4.4.2, heap out-of-bounds reads in Spotlight RPC unmarshalling. Fixed in 4.4.3.

Remote | Memory Corruption
May 21, 2026
4.2 MEDIUM
CVE-2026-44065 — Off-by-two in papd lp_write()

In Netatalk 2.0.0 through 4.4.2, off-by-two in papd lp_write(). Fixed in 4.5.0.

| Memory Corruption
May 21, 2026
7.1 HIGH
CVE-2026-44064 — ASP session ID out-of-bounds access

In Netatalk 1.3 through 4.4.2, ASP session ID out-of-bounds access. Fixed in 4.4.3.

| Memory Corruption
May 21, 2026
4.2 MEDIUM
CVE-2026-44063 — LDAP filter injection

In Netatalk 2.1.0 through 4.4.2, LDAP filter injection. Fixed in 4.5.0.

Remote | Injection
May 21, 2026
Showing 20 of 6441 Results