Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22374
Total
1599
Critical
6838
High
7169
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-66273 | UNKNOWN | — | A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then … | Jun 10, 2026 |
| CVE-2025-62851 | UNKNOWN | — | A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability … | Jun 10, 2026 |
| CVE-2025-62850 | UNKNOWN | — | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can … | Jun 10, 2026 |
| CVE-2025-66276 | UNKNOWN | — | QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later | Jun 10, 2026 |
| CVE-2025-59382 | UNKNOWN | — | QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version: | Jun 10, 2026 |
| CVE-2025-58468 | UNKNOWN | — | A cross-site request forgery (CSRF) vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or … | Jun 10, 2026 |
| CVE-2026-46532 | MEDIUM | 4.6 | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid … | Jun 10, 2026 |
| CVE-2026-45542 | HIGH | 7.1 | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the … | Jun 10, 2026 |
| CVE-2026-45541 | HIGH | 7.5 | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket … | Jun 10, 2026 |
| CVE-2026-45329 | HIGH | 7.1 | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only … | Jun 10, 2026 |
| CVE-2026-45328 | CRITICAL | 9.3 | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c … | Jun 10, 2026 |
| CVE-2026-45160 | MEDIUM | 6.5 | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the … | Jun 10, 2026 |
| CVE-2026-46546 | UNKNOWN | — | Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially … | Jun 10, 2026 |
| CVE-2026-44634 | UNKNOWN | — | SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. … | Jun 10, 2026 |
| CVE-2026-53675 | MEDIUM | 4.3 | BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend … | Jun 10, 2026 |
| CVE-2026-53674 | HIGH | 7.1 | BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a … | Jun 10, 2026 |
| CVE-2026-53673 | HIGH | 8.1 | BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by … | Jun 10, 2026 |
| CVE-2026-47838 | MEDIUM | 6.8 | SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully … | Jun 10, 2026 |
| CVE-2026-46545 | HIGH | 7.5 | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability … | Jun 10, 2026 |
| CVE-2026-46543 | MEDIUM | 5.3 | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash … | Jun 10, 2026 |
| CVE-2026-46542 | MEDIUM | 4.3 | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in … | Jun 10, 2026 |
| CVE-2026-46541 | HIGH | 7.5 | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handle_dht_get(), the DhtResults accumulator … | Jun 10, 2026 |
| CVE-2026-46540 | MEDIUM | 6.5 | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch() adopts a fork … | Jun 10, 2026 |
| CVE-2026-46539 | MEDIUM | 5.9 | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven … | Jun 10, 2026 |
| CVE-2026-46518 | HIGH | 7.7 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in … | Jun 10, 2026 |