{"vulnerability": "cve-2026-4406", "sightings": [{"uuid": "ffab7e7e-4542-4d32-8774-d15f1b7fcdce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44065", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mme6uoddou2v", "content": "CVE-2026-44065 - Off-by-two in papd lp_write()\nCVE ID : CVE-2026-44065\n \n Published : May 21, 2026, 7:34 a.m. | 42\u00a0minutes ago\n \n Description : In Netatalk 2.0.0 through 4.4.2, off-by-two in papd lp_write(). Fixed in 4.5.0.\n \n Severity: 0.0 | NA\n \n Visit the link for more deta...", "creation_timestamp": "2026-05-21T10:16:40.433991Z"}, {"uuid": "ac6d4719-0150-481e-a23d-eba6bd449996", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4406", "type": "seen", "source": "https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4406", "content": "", "creation_timestamp": "2026-04-07T15:16:05.000000Z"}, {"uuid": "1bffd091-8390-49ce-a254-54ca51ed9f07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4406", "type": "seen", "source": "https://gist.github.com/yuenvision/33e265773f23f998158ce2703d2c43c7", "content": "", "creation_timestamp": "2026-04-17T22:49:36.000000Z"}, {"uuid": "07a4ed5b-835b-45b6-a5a4-f63b28a3ea66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4406", "type": "seen", "source": "https://t.me/GithubRedTeam/79465", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-4406\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Hann1bl3L3ct3r\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a HTML\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-08 18:57:07\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nThe Gravity Forms plugin for WordPress (tested through version 2.9.28) is vulnerable to unauthenticated reflected cross-site scripting (XSS) via the `form_ids` parameter in the `gform_get_config` AJAX action.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-08T19:00:04.000000Z"}, {"uuid": "8b91f481-cd44-4484-8e97-a35f48e76796", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4406", "type": "published-proof-of-concept", "source": "Telegram/Wl9CrQOxsQx4KE-BWCuSJcJWoX1uryv_sC7BNGTK9kDjsYQ", "content": "", "creation_timestamp": "2026-04-07T21:00:05.000000Z"}, {"uuid": "726089a7-ec26-45b1-ba6b-6067132c4dd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4406", "type": "published-proof-of-concept", "source": "Telegram/Mw0Ctk5qQ9M_cnnZZGiTkYGqKNeE1tbC3Cxhbxy9eIQ0t04", "content": "", "creation_timestamp": "2026-04-08T09:00:13.000000Z"}, {"uuid": "fd7f1447-f170-4c2d-b8c2-b43b593e0a21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44066", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mme6p4e7a52k", "content": "CVE-2026-44066 - Heap out-of-bounds reads in Spotlight RPC unmarshalling\nCVE ID : CVE-2026-44066\n \n Published : May 21, 2026, 7:34 a.m. | 42\u00a0minutes ago\n \n Description : In Netatalk 3.1.0 through 4.4.2, heap out-of-bounds reads in spotlight rpc unmarshalling. Fixed in 4.4.3.\n ...", "creation_timestamp": "2026-05-21T10:13:33.934631Z"}, {"uuid": "6951f5c1-0e18-44b4-a31d-562f2fc1594d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44064", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mme6xnze242p", "content": "CVE-2026-44064 - ASP session ID out-of-bounds access\nCVE ID : CVE-2026-44064\n \n Published : May 21, 2026, 7:34 a.m. | 42\u00a0minutes ago\n \n Description : In Netatalk 1.3 through 4.4.2, asp session id out-of-bounds access. Fixed in 4.4.3.\n \n Severity: 0.0 | NA\n \n Visit the link for...", "creation_timestamp": "2026-05-21T10:18:20.808756Z"}, {"uuid": "d6a8fb35-651e-4b9e-91f4-a0f6855a951c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44062", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mme76734nx2i", "content": "CVE-2026-44062 - Missing o_len bounds check in pull_charset_flags()\nCVE ID : CVE-2026-44062\n \n Published : May 21, 2026, 7:34 a.m. | 42\u00a0minutes ago\n \n Description : In Netatalk 2.0.4 through 4.4.2, missing o_len bounds check in pull_charset_flags(). Fixed in 4.4.3.\n \n Severity...", "creation_timestamp": "2026-05-21T10:22:00.031321Z"}, {"uuid": "8fbd0d0a-93cc-429e-bb4c-1544530c3774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44069", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mme7jrhwsi2h", "content": "CVE-2026-44069 - Integer underflow in volxlate\nCVE ID : CVE-2026-44069\n \n Published : May 21, 2026, 7:34 a.m. | 42\u00a0minutes ago\n \n Description : In Netatalk 3.0.0 through 4.4.2, integer underflow in volxlate. Fixed in 4.5.0.\n \n Severity: 0.0 | NA\n \n Visit the link for more deta...", "creation_timestamp": "2026-05-21T10:28:28.538945Z"}, {"uuid": "7446eb9f-2458-477c-842f-807d36a5bfda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44061", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mme7t5fs622e", "content": "CVE-2026-44061 - DES-ECB auth with timing side channel\nCVE ID : CVE-2026-44061\n \n Published : May 21, 2026, 7:34 a.m. | 42\u00a0minutes ago\n \n Description : In Netatalk 1.5.0 through 4.4.2, des-ecb auth with timing side channel. Fixed in 4.5.0.\n \n Severity: 0.0 | NA\n \n Visit the li...", "creation_timestamp": "2026-05-21T10:33:43.026535Z"}, {"uuid": "eac59884-b6f4-48dc-ae5d-af1f8ddd9dfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44067", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mme7yjfnpz2n", "content": "CVE-2026-44067 - EA header parsing heap over-read\nCVE ID : CVE-2026-44067\n \n Published : May 21, 2026, 7:34 a.m. | 42\u00a0minutes ago\n \n Description : In Netatalk 2.1.0 through 4.4.2, ea header parsing heap over-read. Fixed in 4.5.0.\n \n Severity: 0.0 | NA\n \n Visit the link for mor...", "creation_timestamp": "2026-05-21T10:36:44.372772Z"}, {"uuid": "8c7803d2-a582-4e70-ae51-da69ea24fcc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44063", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmea6ir44f2k", "content": "CVE-2026-44063 - LDAP filter injection\nCVE ID : CVE-2026-44063\n \n Published : May 21, 2026, 7:34 a.m. | 42\u00a0minutes ago\n \n Description : In Netatalk 2.1.0 through 4.4.2, ldap filter injection. Fixed in 4.5.0.\n \n Severity: 0.0 | NA\n \n Visit the link for more details, such as CVS...", "creation_timestamp": "2026-05-21T10:40:06.731347Z"}, {"uuid": "3975f9e5-7eca-43dd-a4b0-3d65175b7fab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44068", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmeb6tek5q2i", "content": "CVE-2026-44068 - EA path traversal via incomplete sanitization\nCVE ID : CVE-2026-44068\n \n Published : May 21, 2026, 7:34 a.m. | 42\u00a0minutes ago\n \n Description : In Netatalk 2.1.0 through 4.4.2, ea path traversal via incomplete sanitization. Fixed in 4.4.3.\n \n Severity: 0.0 | NA...", "creation_timestamp": "2026-05-21T10:58:08.773042Z"}, {"uuid": "5b3e44ba-0103-41ed-a24e-7a8ab35f3929", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44060", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmebzox3tw2c", "content": "CVE-2026-44060 - Integer underflow in dsi_writeinit() leads to denial of service\nCVE ID : CVE-2026-44060\n \n Published : May 21, 2026, 7:34 a.m. | 42\u00a0minutes ago\n \n Description : In Netatalk 1.5.0 through 4.4.2, integer underflow in dsi_writeinit() leads to denial of service. F...", "creation_timestamp": "2026-05-21T11:13:10.338535Z"}, {"uuid": "d2a9f824-c6e8-4478-a566-82ec6096e79f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44060", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmgeetzwa72t", "content": "\ud83d\udfe0 CVE-2026-44060 - High (7.5)\n\nAn integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthent...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44060/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-22T07:00:32.623692Z"}, {"uuid": "fd103744-85b8-4470-9da7-75e2c979f913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44062", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmgef3qb4h2z", "content": "\ud83d\udfe0 CVE-2026-44062 - High (7.5)\n\nA missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allo...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44062/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-22T07:00:40.481073Z"}, {"uuid": "134cc617-c794-468c-885c-9362909108c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44061", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mn6rmo4sw523", "content": "4/8\n\nhttps://www.cve.org/CVERecord?id=CVE-2026-44058\n    https://www.cve.org/CVERecord?id=CVE-2026-44059\n    https://www.cve.org/CVERecord?id=CVE-2026-44061\n    https://www.cve.org/CVERecord?id=CVE-2026-44063\n    https://www.cve.org/CVERecord?id=CVE-2026-44065", "creation_timestamp": "2026-06-01T00:01:26.902973Z"}, {"uuid": "f0901722-fd11-4b9a-b59a-1781a1c6842d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44063", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mn6rmo4sw523", "content": "4/8\n\nhttps://www.cve.org/CVERecord?id=CVE-2026-44058\n    https://www.cve.org/CVERecord?id=CVE-2026-44059\n    https://www.cve.org/CVERecord?id=CVE-2026-44061\n    https://www.cve.org/CVERecord?id=CVE-2026-44063\n    https://www.cve.org/CVERecord?id=CVE-2026-44065", "creation_timestamp": "2026-06-01T00:01:27.047338Z"}, {"uuid": "d8006da7-5a19-4c34-a4e4-cdf342b7bed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44065", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mn6rmo4sw523", "content": "4/8\n\nhttps://www.cve.org/CVERecord?id=CVE-2026-44058\n    https://www.cve.org/CVERecord?id=CVE-2026-44059\n    https://www.cve.org/CVERecord?id=CVE-2026-44061\n    https://www.cve.org/CVERecord?id=CVE-2026-44063\n    https://www.cve.org/CVERecord?id=CVE-2026-44065", "creation_timestamp": "2026-06-01T00:01:27.193951Z"}, {"uuid": "31bdc6d4-a2b8-4736-a6da-a6037788b469", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44067", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mn6rmpbzkd2n", "content": "5/8\n\nhttps://www.cve.org/CVERecord?id=CVE-2026-44067\n    https://www.cve.org/CVERecord?id=CVE-2026-44069\n    https://www.cve.org/CVERecord?id=CVE-2026-44070\n    https://www.cve.org/CVERecord?id=CVE-2026-44071\n    https://www.cve.org/CVERecord?id=CVE-2026-44072", "creation_timestamp": "2026-06-01T00:01:28.212864Z"}, {"uuid": "39cf826f-6d61-4eb8-b972-de9eac4a59d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44069", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mn6rmpbzkd2n", "content": "5/8\n\nhttps://www.cve.org/CVERecord?id=CVE-2026-44067\n    https://www.cve.org/CVERecord?id=CVE-2026-44069\n    https://www.cve.org/CVERecord?id=CVE-2026-44070\n    https://www.cve.org/CVERecord?id=CVE-2026-44071\n    https://www.cve.org/CVERecord?id=CVE-2026-44072", "creation_timestamp": "2026-06-01T00:01:28.369415Z"}]}