Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22374
Total
1599
Critical
6838
High
7169
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-9067 | CRITICAL | 9.1 | The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and … | Jun 10, 2026 |
| CVE-2026-9060 | LOW | 3.5 | The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store … | Jun 10, 2026 |
| CVE-2026-8071 | HIGH | 8.8 | The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing … | Jun 10, 2026 |
| CVE-2026-3326 | HIGH | 8.6 | The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action … | Jun 10, 2026 |
| CVE-2026-29116 | UNKNOWN | — | A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that … | Jun 10, 2026 |
| CVE-2026-29115 | UNKNOWN | — | A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that … | Jun 10, 2026 |
| CVE-2026-29114 | UNKNOWN | — | A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted … | Jun 10, 2026 |
| CVE-2026-11815 | UNKNOWN | — | An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could … | Jun 10, 2026 |
| CVE-2026-10846 | UNKNOWN | — | NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query destination address … | Jun 10, 2026 |
| CVE-2026-26241 | UNKNOWN | — | A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash … | Jun 10, 2026 |
| CVE-2026-26240 | UNKNOWN | — | A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash … | Jun 10, 2026 |
| CVE-2026-11837 | HIGH | 7.3 | A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without … | Jun 10, 2026 |
| CVE-2025-8444 | MEDIUM | 6.4 | The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the … | Jun 10, 2026 |
| CVE-2026-26239 | UNKNOWN | — | A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the … | Jun 10, 2026 |
| CVE-2026-26237 | UNKNOWN | — | A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized … | Jun 10, 2026 |
| CVE-2026-24724 | UNKNOWN | — | An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the … | Jun 10, 2026 |
| CVE-2026-24720 | UNKNOWN | — | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, … | Jun 10, 2026 |
| CVE-2026-24719 | UNKNOWN | — | A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then … | Jun 10, 2026 |
| CVE-2026-24717 | UNKNOWN | — | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then … | Jun 10, 2026 |
| CVE-2026-24716 | UNKNOWN | — | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can … | Jun 10, 2026 |
| CVE-2026-22899 | UNKNOWN | — | A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit … | Jun 10, 2026 |
| CVE-2026-22893 | UNKNOWN | — | A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then … | Jun 10, 2026 |
| CVE-2025-66281 | UNKNOWN | — | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch … | Jun 10, 2026 |
| CVE-2025-66280 | UNKNOWN | — | An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they … | Jun 10, 2026 |
| CVE-2025-66279 | UNKNOWN | — | A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then … | Jun 10, 2026 |