Security Vulnerabilities
SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to trigger an application crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-03-22
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function to cause a denial of service condition.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-03-22
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).
CVSS Score
2.0
EPSS Score
0.0
Published
2026-03-22
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-03-22
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes to trigger a crash when the Test function is invoked.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-03-22
RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buffer of 5000 bytes into the Username field via Settings > Network to trigger an application crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-03-22
RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a malicious payload exceeding 4000 bytes into the Server field via the Settings menu to trigger an application crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-03-22
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an application crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-03-22
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-03-22
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer of 500 bytes or more to trigger an application crash when saving the configuration.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-03-22