30 matches found
CVE-2025-54149
CVE-2025-54149 affects Qsync Central and is an uncontrolled resource consumption vulnerability leading to a DoS. The issue is exploitable by a local attacker who has a user account, exploiting the vulnerability to exhaust resources. A fixed version is available: Qsync Central 5.0.0.4 (released 20...
N-central - XML External Entities Injection
N-central versions %xxe; rand http: - raw: - | POST /dms/services/ServerUI HTTP/2 Host: Hostname Content-Type: text/xml Soapaction: ""...
CVE-2025-69259
A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability...
CVE-2025-11700
N-central versions 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure...
EUVD-2023-51267
Malicious code in bioql PyPI...
EUVD-2023-54340
Malicious code in bioql PyPI...
EUVD-2024-46549
Malicious code in bioql PyPI...
EUVD-2025-27760
Malicious code in bioql PyPI...
EUVD-2022-48556
Malicious code in bioql PyPI...
EUVD-2025-17341
Malicious code in bioql PyPI...
QNAP Qsync Central 安全漏洞
QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage NAS devices. QNAP Qsync Central suffers from an unrestricted resource allocation vulnerability that can be exploited by attackers to cause a denial of service...
N-able N-Central Insecure Deserialization Vulnerability
N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution...
The vulnerability of the ConvertFromJson method in the monitoring and security management tool Trend Micro Apex Central allows a attacker to execute arbitrary code in the context of NETWORK SERVICE.
The vulnerability of the ConvertFromJson method in the Trend Micro Apex Central security monitoring and management tool is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of NETWORK SERVICE...
CVE-2025-47865
CVE-2025-47865 : A Local File Inclusion vulnerability affects Trend Micro Apex Central widget in versions below 8.0.6955. The flaw exists in the getObjWGFServiceApiByApiName function and can lead to remote code execution on affected installations. Exploitation details in public disclosures indica...
Trend Micro Apex Central 安全漏洞
Trend Micro Apex Central is a web-based console from Trend Micro, Inc. A security vulnerability exists in Trend Micro Apex Central versions prior to 8.0.7007 that stems from improper deserialization and could lead to pre-authenticated remote code execution...
CVE-2025-22482
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version:...
CVE-2025-22482 Qsync Central
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version:...
PT-2025-24293 · Qnap · Qsync Central
Name of the Vulnerable Software and Affected Versions: Qsync Central versions prior to 4.5.0.6 Description: A use of externally-controlled format string vulnerability has been reported. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data ...
The vulnerability of the monitoring and security management tool Trend Micro Apex Central lies in the insufficient processing of incoming requests, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the monitoring and security management tool Trend Micro Apex Central lies in the insufficient checking of incoming requests. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2024-8510
N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not exposed. This vulnerability is present in all deployments of N-central prior to N-central 2024.6...