|
3421
|
7.5 |
HIGH
Network
|
sqlfluff
|
sqlfluff
|
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be l…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-46373
|
2026-06-12 23:10 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3422
|
7.5 |
HIGH
Network
|
sqlfluff
|
sqlfluff
|
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be l…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-46374
|
2026-06-12 23:01 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3423
|
7.5 |
HIGH
Network
|
pipecat
|
pipecat
|
Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pip…
|
CWE-22
Path Traversal
|
CVE-2026-44716
|
2026-06-12 23:00 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3424
|
6.5 |
MEDIUM
Network
|
qnap
|
file_station
|
A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-22899
|
2026-06-12 22:49 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3425
|
6.5 |
MEDIUM
Network
|
qnap
|
file_station
|
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-24720
|
2026-06-12 22:49 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3426
|
4.4 |
MEDIUM
Local
|
qnap
|
license_center
|
A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpect…
|
CWE-22
Path Traversal
|
CVE-2025-62851
|
2026-06-12 22:47 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3427
|
8.1 |
HIGH
Network
|
qnap
|
file_station
|
An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restr…
|
CWE-863
Incorrect Authorization
|
CVE-2026-24724
|
2026-06-12 22:47 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3428
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection.
This issue affects Product Filter …
|
CWE-89
SQL Injection
|
CVE-2026-39494
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3429
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection.
This issue affects JoomSport: from n/a through 5.7…
|
CWE-89
SQL Injection
|
CVE-2026-42647
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3430
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS.
This issue affects SliceWP: from n/a through 1.2.6.
|
CWE-79
Cross-site Scripting
|
CVE-2026-42653
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
