EUVD-2026-0768

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Nuvation Energy Multi-Stack Controller MSC allows OS Command Injection.This issue affects Multi-Stack Controller MSC: before 2.5.1...

Nuvation Energy Multi-Stack Controller 安全漏洞

The Nuvation Energy Multi-Stack Controller is a control unit within a battery management system from Nuvation Energy, Inc. A security vulnerability exists in Nuvation Energy Multi-Stack Controller versions prior to 2.5.1, which stems from improper neutralization of special elements in operating...

CVE-2025-64120

CVE-2025-64120 affects the Nuvation Energy Multi-Stack Controller (MSC). The vulnerability is caused by improper neutralization of special elements in OS command handling, enabling an OS command injection. Affected versions are MSC 2.3.8 up to, but not including, 2.5.1 (i.e., 2.3.8–2.5.0). Impact...

CVE-2025-34171

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

CVE-2025-9110

An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the followin...

CVE-2025-59381

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

CVE-2025-59381

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

CVE-2025-62852

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Q...

CVE-2025-48721

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Q...

CVE-2025-59380

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

CVE-2025-62852 QTS, QuTS hero

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Q...

CVE-2025-59381 QTS, QuTS hero

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

CVE-2025-59381 QTS, QuTS hero

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

CVE-2025-59381

CVE-2025-59381 describes a path traversal vulnerability in QNAP QTS and QuTS hero affected versions prior to the fixes. The flaw allows an administrator-level attacker to read arbitrary files or system data due to improper validation of pathnames. Affected: QTS up to 5.2.8.3332 build 20251128 and...

CVE-2025-59380

CVE-2025-59380 describes a path traversal vulnerability in QNAP QTS and QuTS hero. A remote attacker with administrator privileges could read unexpected files or system data. Concrete details from connected sources: affected products are QTS 5.2.8.3332 build 20251128 and later, and QuTS hero h5.2...

CVE-2025-59380 QTS, QuTS hero

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

CVE-2025-48721 QTS, QuTS hero

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Q...

CVE-2025-48721

CVE-2025-48721 describes a buffer overflow affecting QNAP OS such as QTS and QuTS hero. Connected documents confirm a vulnerability where a remote attacker who already has an administrator account can trigger memory modification or process crashes. The issue is mitigated by fixes introduced in QT...

CVE-2025-9110

CVE-2025-9110 affects QNAP QTS and QuTS hero where an exposure of sensitive system information to an unauthorized control sphere allows remote reading of application data. Affected versions include QTS 5.2.8.3332 build 20251128 and later, QuTS hero h5.2.8.3321 build 20251117 and later, and QuTS h...

CVE-2025-9110 QTS, QuTS hero

An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the followin...