PT-2026-7533

Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description An out-of-bounds write issue exists in Qsync Central. A remote attacker who obtains a user account can potentially modify or corrupt memory. Recommendations Update to Qsync Central version...

PT-2026-7532

Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description A use of externally-controlled format string issue exists in Qsync Central. A remote attacker who obtains a user account may be able to obtain secret data or modify memory. The issue involves...

PT-2026-7539

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero...

CVE-2024-50619

CVE-2024-50619 affects CIPPlanner CIPAce prior to 9.17, specifically the My Account and User Management components. A low-privileged authenticated user can tamper with the client user id to access other users’ accounts, and can elevate privileges by modifying information of a user role that is di...

PT-2026-7537

Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description A buffer overflow issue exists in Qsync Central. A remote attacker who obtains a user account can potentially exploit this to alter memory or cause processes to crash. Recommendations Update ...

QNAP Qsync Central 缓冲区错误漏洞

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds write attacks, which could potentially lead ...

QNAP Systems QuTS hero 安全漏洞

QNAP Systems QuTS hero is an operating system developed by QNAP Systems. Versions prior to h5.3.2.3354 of QNAP Systems QuTS hero contained a security vulnerability caused by a buffer overflow. This vulnerability could allow remote attackers to modify memory or cause processes to crash...

PT-2026-7540

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...

PT-2026-7587

A Time-of-check time-of-use TOCTOU race condition in the AMD Secure Processor ASP could allow an attacker to modify External Global Memory Interconnect Trusted Agent XGMI TA commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability...

PT-2026-7559

Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description A buffer overflow issue exists in Qsync Central. A remote attacker who has obtained a user account can potentially exploit this issue to modify memory or cause processes to crash...

QNAP Qsync Central 安全漏洞

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained a security vulnerability caused by a buffer overflow. This vulnerability could allow remote attackers to modify memory o...

UBUNTU-CVE-2025-52536

Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity...

CVE-2024-36355

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 sleep wake up, potentially resulting in arbitrary code execution...

CVE-2026-25230

FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is...

CVE-2025-52536

CVE-2025-52536 concerns AMD Secure Encrypted Virtualization (SEV) firmware. The issue is an improper prevention of lock-bit modification, which could allow a privileged attacker to downgrade SEV firmware, potentially resulting in a loss of system integrity. Documented impact is confined to firmwa...

CVE-2025-52536

Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity...

CVE-2025-52536

Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity...

CVE-2025-52536

Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity...

CVE-2026-21743

A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...

CVE-2026-25656

A vulnerability has been identified in SINEC NMS All versions, User Management Component UMC All versions V2.15.2.1. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to...