Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,690
Quick preset (or use dates below)
Clear Filters
Showing 11,901 - 11,920 of 14,604 CVEs
CVE-2019-25311 MEDIUM - 6.4

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_descrip...

Vendor: kostasmitroglou
Product: thesystem
Published: Feb 11, 2026
Source: NVD
CVE-2018-25157 MEDIUM - 6.4

Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with embedded SVG scripts that execute in the browser, potentially stealing cookies or redi...

Vendor: Phraseanet
Product: Phraseanet DAM Open Source
Published: Feb 11, 2026
Source: NVD
CVE-2026-26019 MEDIUM - 4.1

LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option (enabled by default) is intended to restrict crawling to the same site ...

Vendor: npm
Product: @langchain/community
Published: Feb 11, 2026
Source: GitHub
CVE-2026-26014 MEDIUM - 5.9

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce i...

Vendor: go
Product: github.com/pion/dtls/v3
Published: Feb 11, 2026
Source: GitHub
CVE-2026-22894 MEDIUM - 6.5

A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5...

Vendor: QNAP Systems Inc.
Product: File Station 5
Published: Feb 11, 2026
Source: NVD
CVE-2025-68406 MEDIUM - 6.5

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0...

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD
CVE-2025-66278 MEDIUM - 6.5

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5...

Vendor: QNAP Systems Inc.
Product: File Station 5
Published: Feb 11, 2026
Source: NVD
CVE-2025-66274 MEDIUM - 4.9

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the follow...

Vendor: QNAP Systems Inc.
Product: QuTS hero
Published: Feb 11, 2026
Source: NVD
CVE-2025-62856 MEDIUM - 4.4

A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Stat...

Vendor: QNAP Systems Inc.
Product: File Station 5
Published: Feb 11, 2026
Source: NVD
CVE-2025-62855 MEDIUM - 4.4

A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Stat...

Vendor: QNAP Systems Inc.
Product: File Station 5
Published: Feb 11, 2026
Source: NVD
CVE-2025-62854 MEDIUM - 6.5

An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Statio...

Vendor: QNAP Systems Inc.
Product: File Station 5
Published: Feb 11, 2026
Source: NVD
CVE-2025-62853 MEDIUM - 6.5

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5...

Vendor: QNAP Systems Inc.
Product: File Station 5
Published: Feb 11, 2026
Source: NVD
CVE-2025-59386 MEDIUM - 4.9

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the follow...

Vendor: QNAP Systems Inc.
Product: QuTS hero
Published: Feb 11, 2026
Source: NVD
CVE-2025-58472 MEDIUM - 4.9

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Centra...

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD
CVE-2025-58471 MEDIUM - 4.9

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource....

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD
CVE-2025-58470 MEDIUM - 6.5

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0...

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD
CVE-2025-58467 MEDIUM - 6.5

A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Cent...

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD
CVE-2025-58466 MEDIUM - 4.9

A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. We have already ...

Vendor: QNAP Systems Inc.
Product: QTS, QuTS hero
Published: Feb 11, 2026
Source: NVD
CVE-2025-57711 MEDIUM - 4.9

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource....

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD
CVE-2025-57710 MEDIUM - 4.9

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource....

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD