|
271
|
6.5 |
MEDIUM
Network
|
qnap
|
file_station
|
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-24720
|
2026-06-12 22:49 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272
|
4.4 |
MEDIUM
Local
|
qnap
|
license_center
|
A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpect…
New
|
CWE-22
Path Traversal
|
CVE-2025-62851
|
2026-06-12 22:47 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273
|
8.1 |
HIGH
Network
|
qnap
|
file_station
|
An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restr…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-24724
|
2026-06-12 22:47 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection.
This issue affects Product Filter …
New
|
CWE-89
SQL Injection
|
CVE-2026-39494
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection.
This issue affects JoomSport: from n/a through 5.7…
New
|
CWE-89
SQL Injection
|
CVE-2026-42647
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS.
This issue affects SliceWP: from n/a through 1.2.6.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42653
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation.
This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4.
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-49060
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_url' parameter of the [presto_player_overlay] shortcode in versions up to, and including, 4.2.0 This …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-9125
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279
|
8.3 |
HIGH
Adjacent
|
-
|
-
|
Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via malicious network traffic. (Chromium secur…
New
|
CWE-416
Use After Free
|
CVE-2026-12014
|
2026-06-12 22:08 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory …
New
|
CWE-416
Use After Free
|
CVE-2026-12015
|
2026-06-12 22:08 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
