Latest CVE Feed
-
4.9
MEDIUMCVE-2026-22821
mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4.... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2026-1224
Tanium addressed an uncontrolled resource consumption vulnerability in Discover.... Read more
Affected Products : service_asset- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2026-1246
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' A... Read more
Affected Products : image_optimizer- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Path Traversal
-
4.9
MEDIUMCVE-2025-59386
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more
Affected Products : quts_hero- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Memory Corruption
-
4.9
MEDIUMCVE-2025-13925
IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.... Read more
Affected Products : aspera_console- Published: Jan. 20, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Information Disclosure
-
4.9
MEDIUMCVE-2025-57711
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or proces... Read more
Affected Products : qsync_central- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2026-0806
The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL ... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2026-21948
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network a... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.9
MEDIUMCVE-2026-21941
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network a... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.9
MEDIUMCVE-2026-21937
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access ... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.9
MEDIUMCVE-2025-57710
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or proces... Read more
Affected Products : qsync_central- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2026-21964
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with netw... Read more
- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.9
MEDIUMCVE-2025-54163
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulner... Read more
Affected Products : file_station- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2025-58466
A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify contr... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Memory Corruption
-
4.9
MEDIUMCVE-2025-66274
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more
Affected Products : quts_hero- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2025-58471
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or proces... Read more
Affected Products : qsync_central- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2025-54155
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or proce... Read more
Affected Products : file_station- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2025-54161
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or proce... Read more
Affected Products : file_station- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2025-54162
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vul... Read more
Affected Products : file_station- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Path Traversal
-
4.9
MEDIUMCVE-2026-23844
Whisper Money is a personal finance application. Versions prior to 0.1.5 have an insecure direct object reference vulnerability. A user can update/create account balances in other users' bank accounts. Version 0.1.5 fixes the issue.... Read more
Affected Products : whisper_money- Published: Jan. 19, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization