Security Vulnerabilities
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.
CVSS Score
8.7
EPSS Score
0.004
Published
2026-06-10
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to trigger an infinite loop in the ICNS parser, as the offset is never incremented when the entry length field is 0, causing the while loop condition to remain true indefinitely.
CVSS Score
8.7
EPSS Score
0.004
Published
2026-06-10
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory.
CVSS Score
2.1
EPSS Score
0.001
Published
2026-06-10
A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5243 and later
CVSS Score
5.3
EPSS Score
0.003
Published
2026-06-10
A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5243 and later
CVSS Score
5.3
EPSS Score
0.003
Published
2026-06-10
A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5208 and later
CVSS Score
8.7
EPSS Score
0.003
Published
2026-06-10
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.
We have already fixed the vulnerability in the following version:
QuMagie 2.9.0 and later
CVSS Score
8.7
EPSS Score
0.003
Published
2026-06-10
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3492 build 20260507 and later
QuTS hero h5.2.9.3499 build 20260514 and later
CVSS Score
8.6
EPSS Score
0.01
Published
2026-06-10
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5243 and later
CVSS Score
5.3
EPSS Score
0.003
Published
2026-06-10
An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5243 and later
CVSS Score
8.6
EPSS Score
0.003
Published
2026-06-10