PT-2026-1073

Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.2.7.3256 build 20250913 QNAP QuTS hero h5.2.7 versions prior to 5.2.7.3256 build 20250913 QNAP QuTS hero h5.3.1 versions prior to 5.3.1.3250 build 20250912 Description A NULL pointer dereference issue exists in...

PT-2026-1097

Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.8.3332 build 20251128 QNAP versions prior to QuTS hero h5.2.8.3321 build 20251117 Description A path traversal issue exists in QNAP operating systems. A remote attacker with administrator privileges can potential...

PT-2026-1079

Name of the Vulnerable Software and Affected Versions QNAP versions prior to 5.2.7.3256 build 20250913 QNAP QuTS hero versions prior to 5.2.7.3256 build 20250913 QNAP QuTS hero versions prior to 5.3.1.3250 build 20250912 Description A NULL pointer dereference issue exists in QNAP operating system...

PT-2026-1080

Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.3.1.3250 build 20250912 Description A NULL pointer dereference issue exists in QNAP operating...

CVE-2025-11157

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

PT-2026-7845

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.2 PostgreSQL versions prior to 17.8 PostgreSQL versions prior to 16.12 PostgreSQL versions prior to 15.16 PostgreSQL versions prior to 14.21 Description A heap buffer overflow in the pgcrypto component allows a...

PT-2026-21332

Name of the Vulnerable Software and Affected Versions GIMP versions 3.0.8 through 3.0.8-5 Fedora 43 Description A heap-buffer-overflow exists in the PSD loader component of the software, specifically within the fread pascal string function due to a missing null terminator. This issue can be...

PT-2026-7844

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.2 PostgreSQL versions prior to 17.8 PostgreSQL versions prior to 16.12 PostgreSQL versions prior to 15.16 PostgreSQL versions prior to 14.21 Description A lack of input type validation within the selectivity...

PT-2026-7846

PostgreSQL and Affected Versions PostgreSQL versions prior to 18.3 PostgreSQL versions prior to 17.9 PostgreSQL versions prior to 16.13 PostgreSQL versions prior to 15.17 PostgreSQL versions prior to 14.22 PostgreSQL version 9.3 Description PostgreSQL is susceptible to a buffer overrun due to...

CVE-2025-15389

VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...

Gargoyle Router Management Utility 安全漏洞

Gargoyle Router Management Utility is a third-party router firmware from Gargoyle. A security vulnerability exists in Gargoyle Router Management Utility version 1.5.x, which stems from a restricted or insufficient validation of the commands parameter input, which could allow an authenticated...

QNO VPN Firewall 操作系统命令注入漏洞

QNO VPN Firewall is a multi-functional security gateway from Taiwan, China-based QNO. QNO VPN Firewall suffers from an operating system command injection vulnerability that originates from OS command injection, which could allow an authenticated remote attacker to execute arbitrary OS commands on...

Important Photon OS Security Update - PHSA-2025-5.0-0722

Updates of 'mariadb' packages of Photon OS have been released...

CVE-2025-15254

A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...

CVE-2022-50868

In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak foreachpcidev is implemented by pcigetdevice. The comment of pcigetdevice says that it will increase the reference count for the returned pcidev and also decrease the reference count for...

CVE-2023-54227

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nrhwqueues Although we don't need to realloc set-tags when shrink nrhwqueues, we need to free them. Or these tags will be leaked. How to reproduce: 1. mount -t configfs configfs /mnt 2. modprobe...

CVE-2023-54201

In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix wrong resources deallocation order When trying to destroy QP or CQ, we first decrease the refcount and potentially free memory regions allocated for the object and then request the device to destroy the object. If t...

PT-2025-53988

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s powerpc/rtas component where the rtas os term function, called during kernel panic, could potentially hang the system if devtree lock is held. This...

SOUND4多款产品 操作系统命令注入漏洞

SOUND4 IMPACT and others are products of the French company SOUND4.SOUND4 IMPACT is a professional broadcast audio processor.SOUND4 FIRST is a broadcast audio processor.SOUND4 PULSE is an audio processor. An operating system command injection vulnerability exists in several SOUND4 products. The...

SOUND4多款产品 操作系统命令注入漏洞

SOUND4 IMPACT and others are products of the French company SOUND4.SOUND4 IMPACT is a professional audio processor for broadcasting.SOUND4 FIRST is an audio processor for broadcasting.SOUND4 PULSE is an audio processor. An operating system command injection vulnerability exists in several SOUND4...