CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2025-52870

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...

8.1CVSS5.8AI score0.00185EPSS

CVE-2025-52868

RedhatCVE•added 2026/02/12 1:43 p.m.•5 views

CVE-2025-48723

RedhatCVE•added 2026/02/12 1:43 p.m.•4 views

CVE-2025-48724

RedhatCVE•added 2026/02/12 1:43 p.m.•4 views

CVE-2025-48725

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero...

8.1CVSS5.9AI score0.00185EPSS

CVE-2025-57709

8.8CVSS5.6AI score0.00069EPSS

CVE-2025-30276

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and la...

8.8CVSS5.7AI score0.00025EPSS

CVE-2025-15096

The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for...

Tenable Nessus•added 2026/02/12 12:0 a.m.•3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-wheel (SUSE-SU-2026:0424-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0424-1 advisory. - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification...

7.1CVSS7.5AI score0.00015EPSS

Exploits2References4

Positive Technologies•added 2026/02/12 12:0 a.m.•2 views

PT-2026-7879

NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification...

8.5CVSS5.5AI score0.00013EPSS

Exploits0References3

CNNVD•added 2026/02/12 12:0 a.m.•4 views

Vm3Max NextVPN 安全漏洞

Vm3Max NextVPN is a VPN proxy application developed by Vm3Max Corporation. Version 4.10 of Vm3Max NextVPN contains a security vulnerability. This vulnerability stems from insecure file permissions, which may allow local users to modify executable files in order to obtain SYSTEM or Administrator...

8.5CVSS5.8AI score0.00013EPSS

Exploits0References3

Vulnrichment•added 2026/02/11 8:27 p.m.•3 views

CVE-2026-26158 Busybox: busybox: arbitrary file modification and privilege escalation via unvalidated tar archive entries

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...

7CVSS5.5AI score0.00007EPSS

Exploits0References4

Cvelist•added 2026/02/11 8:27 p.m.•21 views

CVE-2026-26158 Busybox: busybox: arbitrary file modification and privilege escalation via unvalidated tar archive entries

7CVSS0.00007EPSS

Exploits0References4

CVE•added 2026/02/11 8:27 p.m.•17 views

CVE-2026-26158

CVE-2026-26158 concerns a flaw in BusyBox where a crafted tar archive with unvalidated hardlink or symlink entries can cause extraction outside the intended directory. The underlying issue is the presence of unvalidated hardlink/symlink paths in tar archives, enabling a attacker to exploit extrac...

7CVSS5.5AI score0.00007EPSS

Exploits0References5

RedhatCVE•added 2026/02/11 7:44 p.m.•3 views

CVE-2026-21743

A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...

7.2CVSS5.5AI score0.00025EPSS

RedhatCVE•added 2026/02/11 7:44 p.m.•3 views

CVE-2026-0653

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...

7.2CVSS5.8AI score0.00079EPSS

Exploits1References1

ATTACKERKB•added 2026/02/11 2:16 p.m.•4 views

CVE-2026-2249

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

9.8CVSS6.1AI score0.00352EPSS

Exploits1References2

RedhatCVE•added 2026/02/11 1:16 p.m.•1 views

CVE-2026-25656

A vulnerability has been identified in SINEC NMS All versions V4.0 SP3, User Management Component UMC All versions V2.15.2.1. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially...

8.5CVSS7.6AI score0.00013EPSS

NVD•added 2026/02/11 1:15 p.m.•7 views

CVE-2025-58466

A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. We have alread...

5.1CVSS0.00232EPSS