CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1371 matches found

The Opal Estate Pro – Property Management <= 1.7.5 - Unauthenticated Privilege Escalation

The Opal Estate Pro plugin ≤ 1.7.5 is vulnerable to privilege escalation. Due to missing role restrictions in the onregisteruser function, users can register with any role. This allows unauthenticated attackers to create administrator accounts. id: CVE-2025-6934 info: name: The Opal Estate Pro –...

9.8CVSS5.2AI score0.26374EPSS

Exploits12References2

Nuclei•added 9 hours ago•17 views

WordPress User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation

User Registration & Membership WordPress plugin = 5.1.2 contains an improper privilege management vulnerability caused by accepting user-supplied roles without server-side allowlist enforcement, letting unauthenticated attackers create administrator accounts id: CVE-2026-1492 info: name: WordPres...

9.8CVSS8.8AI score0.24774EPSS

Exploits2References3

RedhatCVE•added yesterday•5 views

CVE-2026-24719

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6CVSS6AI score0.00521EPSS

Exploits0References1

Nuclei•added yesterday•12 views

WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...

9.8CVSS5.5AI score0.90017EPSS

Exploits0References4

EUVD•added 2 days ago•5 views

EUVD-2025-210104

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreatprocessregistration function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers ...

9.8CVSS5.5AI score0.00031EPSS

Exploits0References2

Vulnrichment•added 2 days ago•4 views

CVE-2025-6254 Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation

9.8CVSS5.5AI score0.00031EPSS

Exploits0References2

NVD•added 2 days ago•7 views

CVE-2026-24716

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS0.0014EPSS

Exploits0References1

NVD•added 2 days ago•7 views

CVE-2025-66279

8.6CVSS0.00521EPSS

Exploits0References1

Cvelist•added 2 days ago•34 views

CVE-2026-24719 QTS, QuTS hero

8.6CVSS0.00521EPSS

Exploits0References1

EUVD•added 2 days ago•7 views

EUVD-2026-35977

8.6CVSS6AI score0.00521EPSS

Exploits0References1

CVE•added 2 days ago•16 views

CVE-2026-24719

CVE-2026-24719 affects QNAP operating systems QTS and QuTS hero. Description: a command-injection vulnerability that can be exploited by an attacker who has obtained an administrator account to execute arbitrary commands. Affected versions include QTS 5.2.9.3492 build 20260507 and later, and QuTS...

8.6CVSS6AI score0.00521EPSS

Exploits0References1

EUVD•added 2 days ago•6 views

EUVD-2026-35972

8.6CVSS6AI score0.00521EPSS

Exploits0References1

CVE•added 2 days ago•12 views

CVE-2026-22893

CVE-2026-22893 : A command injection vulnerability affecting QNAP OS (QTS 5.2.9.3410 build 20260214 and later; QuTS hero h5.2.9.3410 build 20260214 and later; QuTS hero h5.3.4.3500 build 20260520 and later; QuTS hero h6.0.0.3459 build 20260409 and later). Root cause: improper handling that allows...

8.6CVSS6AI score0.00521EPSS

Exploits0References1

Cvelist•added 2 days ago•41 views

CVE-2025-66279 QTS, QuTS hero

8.6CVSS0.00521EPSS

Exploits0References1

Cvelist•added 2 days ago•28 views

CVE-2025-66273 QTS, QuTS hero

8.6CVSS0.00521EPSS

Exploits0References1

EUVD•added 2 days ago•6 views

EUVD-2025-210097

5.1CVSS5.5AI score0.0014EPSS

Exploits0References1

Positive Technologies•added 2 days ago•6 views

PT-2026-48367

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

5.1CVSS5.5AI score0.00165EPSS

Exploits0References2

Positive Technologies•added 2 days ago•7 views

PT-2026-48362

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the...

5.1CVSS5.5AI score0.00135EPSS

Exploits0References2

Positive Technologies•added 2 days ago•6 views

PT-2026-48364

8.6CVSS6AI score0.00521EPSS

Exploits0References2

CVE•added 3 days ago•14 views

CVE-2025-62858

CVE-2025-62858 is a buffer overflow affecting several QNAP OS lines (QTS 5.2.x and QuTS hero releases h5/h6) where an attacker with an administrator account could cause memory modification or process crashes. The vulnerability’s root cause is not explicitly detailed in the provided documents, but...

5.1CVSS5.8AI score0.00123EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by