8511 matches found
CVE-2025-30269
Qsync Central is affected by a use of externally-controlled format string vulnerability. The issue allows a remote attacker who gains a user account to potentially obtain secret data or modify memory. Root cause: externally-controlled format strings in the affected component. A fixed version is a...
CVE-2025-30269
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync...
CVE-2025-30269 Qsync Central
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync...
CVE-2025-30269 Qsync Central
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync...
QNAP Qsync Central 格式化字符串错误漏洞
QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained a vulnerability related to formatted strings. This vulnerability stemmed from the use of externally controlled formatted...
PT-2026-7532
Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description A use of externally-controlled format string issue exists in Qsync Central. A remote attacker who obtains a user account may be able to obtain secret data or modify memory. The issue involves...
CVE-2025-64157
A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration...
CVE-2025-64157
A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration...
CVE-2025-64157
A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration...
CVE-2025-64157
A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration...
CVE-2025-64157
CVE-2025-64157 affects Fortinet FortiOS versions 7.0–7.6.4 (and 7.4.x, 7.2.x, 7.6.x ranges as listed) where an authenticated administrator can trigger unauthorized code execution via specifically crafted configuration due to an externally-controlled format string. Multiple connected sources (Fort...
PT-2026-7276
Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions 7.0 through 7.2.11 Fortinet FortiOS versions 7.4.0 through 7.4.9 Fortinet FortiOS versions 7.6.0 through 7.6.4 Description An issue exists in Fortinet FortiOS where a use of externally-controlled format string can all...
Fortinet FortiOS 格式化字符串错误漏洞
Fortinet FortiOS is a security operating system developed by Fortinet Corporation, specifically for use on the FortiGate network security platform. This system provides users with various security features such as firewalls, antivirus protection, IPSec/SSLVPN, web content filtering, and anti-spam...
Fortinet Fortigate Format String in CAPWAP fast-failover mode (FG-IR-25-795)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-795 advisory. - A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through...
CVE-2026-21640
HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...
CVE-2026-21640
HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...
CVE-2026-21640
HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...
CVE-2026-21640
The CVE-2026-21640 entry describes an INI format-string injection in Revive Adserver settings that can crash the admin console with a fatal PHP error when certain character sequences are used. The issue is reported for Revive Adserver (with a referenced 6.0.4 context in the HackerOne report). Roo...
CVE-2026-21640
HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...
CVE-2026-21640
HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...