|
3211
|
9.8 |
CRITICAL
Network
|
qnap
|
qumagie
|
An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges.
We have …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44083
|
2026-06-13 00:47 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3212
|
6.5 |
MEDIUM
Network
|
qnap
|
qts
quts_hero
|
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to mod…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2025-62858
|
2026-06-13 00:44 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3213
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
|
CWE-502
CWE-79
Deserialization of Untrusted Data
Cross-site Scripting
|
CVE-2026-48560
|
2026-06-13 00:41 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3214
|
4.6 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-48562
|
2026-06-13 00:38 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3215
|
6.1 |
MEDIUM
Network
|
qnap
|
qts
quts_hero
|
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41539
|
2026-06-13 00:37 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3216
|
7.5 |
HIGH
Network
|
qnap
|
qumagie
|
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.
We hav…
|
CWE-862
Missing Authorization
|
CVE-2026-26236
|
2026-06-13 00:35 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3217
|
7.8 |
HIGH
Local
|
siemens
|
sinec_ins
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability all…
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-46748
|
2026-06-13 00:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3218
|
- |
|
-
|
-
|
Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-priv…
|
CWE-22
Path Traversal
|
CVE-2026-45171
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3219
|
- |
|
-
|
-
|
Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially exe…
|
CWE-78
OS Command
|
CVE-2026-45172
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3220
|
- |
|
-
|
-
|
Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated …
|
CWE-346
Origin Validation Error
|
CVE-2026-45173
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
