Total CVEs

142,250

Critical Severity

3,947

High Severity

14,209

Last 7 Days

1,911
Quick preset (or use dates below)
Clear Filters
Showing 12,001 - 12,020 of 14,674 CVEs
CVE-2025-54149 MEDIUM - 5.5

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central...

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD
CVE-2025-54148 MEDIUM - 6.5

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ...

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD
CVE-2025-54147 MEDIUM - 6.5

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ...

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD
CVE-2025-54146 MEDIUM - 6.5

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ...

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD
CVE-2025-53598 MEDIUM - 6.5

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ...

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD
CVE-2025-48722 MEDIUM - 6.5

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ...

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD
CVE-2025-47209 MEDIUM - 6.5

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ...

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD
CVE-2025-30266 MEDIUM - 6.5

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ...

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD
CVE-2024-56807 MEDIUM - 5.5

An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024...

Vendor: QNAP Systems Inc.
Product: Media Streaming add-on
Published: Feb 11, 2026
Source: NVD
CVE-2026-1458 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service by uploading malicious files.

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD
CVE-2026-1456 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processing i...

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD
CVE-2026-1387 MEDIUM - 6.5

GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file and repeatedly querying it through GraphQl.

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD
CVE-2026-1094 MEDIUM - 4.6

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD
CVE-2026-1080 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API endpoi...

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD
CVE-2025-12575 MEDIUM - 5.4

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through t...

Vendor: GitLab
Product: GitLab
Published: Feb 11, 2026
Source: NVD
CVE-2025-12073 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections...

Vendor: GitLab
Product: GitLab
Published: Feb 11, 2026
Source: NVD
CVE-2026-2295 MEDIUM - 5.3

The WPZOOM Addons for Elementor โ€“ Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_post_grid_load_more' function in all versions up to, and including, 1.3.2. This makes it possible for unauthent...

Published: Feb 11, 2026
Source: NVD
CVE-2026-1885 MEDIUM - 6.4

The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. T...

Published: Feb 11, 2026
Source: NVD
CVE-2026-1853 MEDIUM - 6.4

The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listsearch' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible ...

Published: Feb 11, 2026
Source: NVD
CVE-2026-1833 MEDIUM - 5.3

The WaMate Confirm โ€“ Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with sub...

Published: Feb 11, 2026
Source: NVD