Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22374
Total
1599
Critical
6838
High
7169
Medium
CVE ID Severity Score Description Published
CVE-2025-66273 UNKNOWN A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then … Jun 10, 2026
CVE-2025-62851 UNKNOWN A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability … Jun 10, 2026
CVE-2025-62850 UNKNOWN A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can … Jun 10, 2026
CVE-2025-66276 UNKNOWN QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later Jun 10, 2026
CVE-2025-59382 UNKNOWN QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version: Jun 10, 2026
CVE-2025-58468 UNKNOWN A cross-site request forgery (CSRF) vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or … Jun 10, 2026
CVE-2026-46532 MEDIUM 4.6 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid … Jun 10, 2026
CVE-2026-45542 HIGH 7.1 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the … Jun 10, 2026
CVE-2026-45541 HIGH 7.5 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket … Jun 10, 2026
CVE-2026-45329 HIGH 7.1 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only … Jun 10, 2026
CVE-2026-45328 CRITICAL 9.3 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c … Jun 10, 2026
CVE-2026-45160 MEDIUM 6.5 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the … Jun 10, 2026
CVE-2026-46546 UNKNOWN Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially … Jun 10, 2026
CVE-2026-44634 UNKNOWN SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. … Jun 10, 2026
CVE-2026-53675 MEDIUM 4.3 BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend … Jun 10, 2026
CVE-2026-53674 HIGH 7.1 BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a … Jun 10, 2026
CVE-2026-53673 HIGH 8.1 BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by … Jun 10, 2026
CVE-2026-47838 MEDIUM 6.8 SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully … Jun 10, 2026
CVE-2026-46545 HIGH 7.5 Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability … Jun 10, 2026
CVE-2026-46543 MEDIUM 5.3 Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash … Jun 10, 2026
CVE-2026-46542 MEDIUM 4.3 Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in … Jun 10, 2026
CVE-2026-46541 HIGH 7.5 Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handle_dht_get(), the DhtResults accumulator … Jun 10, 2026
CVE-2026-46540 MEDIUM 6.5 Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch() adopts a fork … Jun 10, 2026
CVE-2026-46539 MEDIUM 5.9 Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven … Jun 10, 2026
CVE-2026-46518 HIGH 7.7 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in … Jun 10, 2026