Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
226
Total
14
Critical
71
High
67
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2023-7339 | MEDIUM | 6.5 | Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers. This issue affects pnGate: through 1.30 epGate: through 1.30 mbGate: through 1.30 … | Mar 27, 2026 |
| CVE-2026-3457 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects … | Mar 27, 2026 |
| CVE-2026-27860 | LOW | 3.7 | If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing … | Mar 27, 2026 |
| CVE-2026-27859 | MEDIUM | 5.3 | A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail … | Mar 27, 2026 |
| CVE-2026-27858 | HIGH | 7.5 | Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable … | Mar 27, 2026 |
| CVE-2026-27857 | MEDIUM | 4.3 | Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can … | Mar 27, 2026 |
| CVE-2026-27856 | HIGH | 7.4 | Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring … | Mar 27, 2026 |
| CVE-2026-27855 | MEDIUM | 6.8 | Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials … | Mar 27, 2026 |
| CVE-2026-24031 | HIGH | 7.7 | Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do … | Mar 27, 2026 |
| CVE-2026-0394 | MEDIUM | 5.3 | When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to … | Mar 27, 2026 |
| CVE-2025-59032 | HIGH | 7.5 | ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other … | Mar 27, 2026 |
| CVE-2025-59031 | MEDIUM | 4.3 | Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents … | Mar 27, 2026 |
| CVE-2025-59028 | MEDIUM | 5.3 | When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can … | Mar 27, 2026 |
| CVE-2026-4948 | MEDIUM | 5.5 | A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. … | Mar 27, 2026 |
| CVE-2026-34353 | MEDIUM | 5.9 | In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed. | Mar 27, 2026 |
| CVE-2026-33559 | MEDIUM | 5.4 | WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user … | Mar 27, 2026 |
| CVE-2026-33366 | MEDIUM | 5.3 | Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication. | Mar 27, 2026 |
| CVE-2026-33280 | HIGH | 7.2 | Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the … | Mar 27, 2026 |
| CVE-2026-32678 | HIGH | 7.5 | Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication. | Mar 27, 2026 |
| CVE-2026-32669 | HIGH | 8.8 | Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products. | Mar 27, 2026 |
| CVE-2026-27650 | HIGH | 8.8 | OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products. | Mar 27, 2026 |
| CVE-2026-22744 | HIGH | 7.5 | In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the … | Mar 27, 2026 |
| CVE-2026-22743 | HIGH | 7.5 | Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, … | Mar 27, 2026 |
| CVE-2026-22742 | HIGH | 8.6 | Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those … | Mar 27, 2026 |
| CVE-2026-22738 | CRITICAL | 9.8 | In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could … | Mar 27, 2026 |