|
621
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parameter of the `get_private_content_data` AJAX action in all versions up to, and including, 7.3.1. This…
New
|
CWE-89
SQL Injection
|
CVE-2026-5074
|
2026-06-3 05:56 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
622
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset k…
New
|
CWE-287
Improper Authentication
|
CVE-2026-5076
|
2026-06-3 05:56 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
623
|
9.8 |
CRITICAL
Network
|
synology
|
beestation_os
|
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via …
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2025-12686
|
2026-06-3 05:43 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
624
|
9.8 |
CRITICAL
Network
|
synology
|
diskstation_manager
|
Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote atta…
Update
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2025-13392
|
2026-06-3 05:42 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
625
|
7.5 |
HIGH
Network
|
synology
|
c2_identity_edge_server
|
An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server.
Update
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2025-14713
|
2026-06-3 05:41 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
626
|
8.6 |
HIGH
Network
|
synology
|
active_backup_for_business
|
A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files.
Update
|
CWE-89
SQL Injection
|
CVE-2025-30028
|
2026-06-3 05:41 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
627
|
5.9 |
MEDIUM
Network
|
synology
|
safe_access
|
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with admi…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2025-10466
|
2026-06-3 05:30 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
628
|
8.6 |
HIGH
Local
|
zed
|
zed
|
Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allow…
Update
|
CWE-78
OS Command
|
CVE-2026-44465
|
2026-06-3 05:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
629
|
- |
|
-
|
-
|
In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names e…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-49299
|
2026-06-3 05:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
630
|
- |
|
-
|
-
|
In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty bu…
Update
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-49017
|
2026-06-3 05:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
