|
2931
|
7.2 |
HIGH
Network
|
qnap
|
qts quts_hero
|
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to e…
|
CWE-78
OS Command
|
CVE-2025-66279
|
2026-06-16 03:32 |
2026-06-10 |
|
2932
|
7.2 |
HIGH
Network
|
qnap
|
qts quts_hero
|
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to e…
|
CWE-78
OS Command
|
CVE-2025-66273
|
2026-06-16 03:32 |
2026-06-10 |
|
2933
|
7.2 |
HIGH
Network
|
qnap
|
qts quts_hero
|
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vuln…
|
CWE-121 CWE-190
Stack-based Buffer Overflow Integer Overflow or Wraparound
|
CVE-2025-66280
|
2026-06-16 03:32 |
2026-06-10 |
|
2934
|
5.3 |
MEDIUM
Network
|
openssl
|
openssl
|
Issue Summary: An error in the callback used to verify the certificate
provided in a Root CA key update Certificate Management Protocol (CMP)
message response rendered the certificate validation inef…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42769
|
2026-06-16 03:26 |
2026-06-10 |
|
2935
|
7.5 |
HIGH
Network
|
openssl
|
openssl
|
Issue summary: Receiving a QUIC initial packet with an invalid token may
trigger a NULL pointer dereference in the OpenSSL QUIC server with
address validation disabled.
Impact summary: NULL pointer …
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42764
|
2026-06-16 03:25 |
2026-06-10 |
|
2936
|
5.9 |
MEDIUM
Network
|
openssl
|
openssl
|
Issue summary: A specially crafted password-encrypted CMS message
can trigger a NULL pointer dereference during CMS decryption.
Impact summary: This NULL pointer dereference leads to an application …
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42766
|
2026-06-16 03:25 |
2026-06-10 |
|
2937
|
8.2 |
HIGH
Network
|
erlang
|
erlang/otp erts
|
Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk.
The sctp_parse_error_chu…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-49759
|
2026-06-16 03:24 |
2026-06-11 |
|
2938
|
6.5 |
MEDIUM
Network
|
erlang
|
erlang/otp erlang/ssl
|
Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist.
The inet_tls_dist:check_ip/…
|
CWE-863 CWE-1025
Incorrect Authorization Comparison Using Wrong Factors
|
CVE-2026-48860
|
2026-06-16 03:24 |
2026-06-11 |
|
2939
|
5.3 |
MEDIUM
Network
|
erlang
|
erlang/otp erlang/ssh
|
Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.
W…
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-48859
|
2026-06-16 03:23 |
2026-06-11 |
|
2940
|
6.5 |
MEDIUM
Network
|
erlang
|
erlang/inets erlang/otp
|
Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data.
The httpc client forwards the Authorization and Proxy-Authorization request…
|
CWE-601
Open Redirect
|
CVE-2026-48856
|
2026-06-16 03:23 |
2026-06-11 |