|
701
|
6.5 |
MEDIUM
Network
|
qnap
|
file_station
|
A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-22899
|
2026-06-12 22:49 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
702
|
6.5 |
MEDIUM
Network
|
qnap
|
file_station
|
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-24720
|
2026-06-12 22:49 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
703
|
4.4 |
MEDIUM
Local
|
qnap
|
license_center
|
A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpect…
|
CWE-22
Path Traversal
|
CVE-2025-62851
|
2026-06-12 22:47 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
704
|
8.1 |
HIGH
Network
|
qnap
|
file_station
|
An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restr…
|
CWE-863
Incorrect Authorization
|
CVE-2026-24724
|
2026-06-12 22:47 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
705
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection.
This issue affects Product Filter …
|
CWE-89
SQL Injection
|
CVE-2026-39494
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
706
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection.
This issue affects JoomSport: from n/a through 5.7…
|
CWE-89
SQL Injection
|
CVE-2026-42647
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
707
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS.
This issue affects SliceWP: from n/a through 1.2.6.
|
CWE-79
Cross-site Scripting
|
CVE-2026-42653
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
708
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation.
This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4.
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-49060
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
709
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_url' parameter of the [presto_player_overlay] shortcode in versions up to, and including, 4.2.0 This …
|
CWE-79
Cross-site Scripting
|
CVE-2026-9125
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
710
|
8.8 |
HIGH
Network
|
-
|
-
|
Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security sev…
|
CWE-269
Improper Privilege Management
|
CVE-2026-12018
|
2026-06-12 22:08 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
