31241 matches found

CNNVD
added 2026/02/11 12:0 a.m., 6 views

sf-mcp-server operating system command injection vulnerability

sf-mcp-server is a context-based protocol server developed by Anton Kutishevsky. sf-mcp-server has an operating system command injection vulnerability. This vulnerability arises from unsafe operations when using child_process.exec to handle user input, which may lead to command injection attacks...

7.5 CVSS, 5.8 AI score, 0.00035 EPSS
Exploits 0, References 2
CNNVD
added 2026/02/11 12:0 a.m., 3 views

QNAP Qsync Central security vulnerability

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained a security vulnerability caused by a buffer overflow. This vulnerability could allow remote attackers to modify memory o...

8.1 CVSS, 6.2 AI score, 0.00053 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/02/11 12:0 a.m., 3 views

PT-2026-7733

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.8.4; macOS versions prior to 15.7.4; iOS versions prior to 18.7.5; iPadOS versions prior to 18.7.5. Description: A malicious Human Interface Device (HID) may cause an unexpected process crash due to insufficient bounds...

5.4 AI score, 0.00014 EPSS
Exploits 0, References 5
Positive Technologies
added 2026/02/11 12:0 a.m., 2 views

PT-2026-7539

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero...

8.1 CVSS, 5.9 AI score, 0.00185 EPSS
Exploits 0, References 3
Positive Technologies
added 2026/02/11 12:0 a.m., 4 views

PT-2026-7537

Name of the Vulnerable Software and Affected Versions: Qsync Central versions prior to 5.0.0.4. Description: A buffer overflow issue exists in Qsync Central. A remote attacker who obtains a user account can potentially exploit this to alter memory or cause processes to crash. Recommendations: Update ...

8.1 CVSS, 5.8 AI score, 0.00053 EPSS
Exploits 0, References 4
CNNVD
added 2026/02/11 12:0 a.m., 3 views

Multiple Apple products security vulnerability

Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system developed for Mac computers. Apple iPadOS is an operating system for iPad tablets. A denial-of-service vulnerability exists in several Apple products, which can be exploited by attackers to...

5.7 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/02/11 12:0 a.m., 1 views

PT-2026-7738

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.7.4; iOS versions prior to 18.7.5; iPadOS versions prior to 18.7.5; macOS Sonoma versions prior to 14.8.4. Description: A malicious Human Interface Device (HID) may cause an unexpected process crash due to insufficient boun...

5.4 AI score, 0.00014 EPSS
Exploits 0, References 5
CNNVD
added 2026/02/11 12:0 a.m., 3 views

Multiple Apple products security vulnerability

Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system developed for Mac computers. Apple iPadOS is an operating system for iPad tablets. A denial of service vulnerability exists in multiple Apple products due to an error in the WebKit component...

6.5 CVSS, 7.2 AI score, 0.00085 EPSS
Exploits 0, References 5
Positive Technologies
added 2026/02/11 12:0 a.m., 2 views

PT-2026-7540

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...

8.1 CVSS, 5.8 AI score, 0.00185 EPSS
Exploits 0, References 3
Positive Technologies
added 2026/02/11 12:0 a.m., 3 views

PT-2026-7559

Name of the Vulnerable Software and Affected Versions: Qsync Central versions prior to 5.0.0.4. Description: A buffer overflow issue exists in Qsync Central. A remote attacker who has obtained a user account can potentially exploit this issue to modify memory or cause processes to crash...

8.1 CVSS, 5.8 AI score, 0.00053 EPSS
Exploits 0, References 3
Positive Technologies
added 2026/02/11 12:0 a.m., 4 views

PT-2026-7769

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Tahoe 26.3; watchOS versions prior to 26.3; tvOS versions prior to 26.3; iOS versions prior to 18.7.5; iPadOS versions prior to 18.7.5; visionOS versions prior to 26.3; Safari versions prior to 26.3. Description: The issue...

4.3 CVSS, 5.4 AI score, 0.00118 EPSS
Exploits 0, References 158
CNNVD
added 2026/02/11 12:0 a.m., 3 views

QNAP Systems File Station 5 buffer error vulnerability

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems File Station 5 prior to 5.0.0.4 had a buffer error vulnerability. This vulnerability was caused by a buffer overflow, which could lead to memory...

8.1 CVSS, 6 AI score, 0.00053 EPSS
Exploits 0, References 2
CNNVD
added 2026/02/11 12:0 a.m., 3 views

QNAP Qsync Central security vulnerability

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained a security vulnerability caused by a buffer overflow. This vulnerability could allow remote attackers to modify memory o...

8.1 CVSS, 6.2 AI score, 0.00053 EPSS
Exploits 0, References 2
RedHat Linux
added 2026/02/10 8:28 p.m., 3 views

php: heap-based buffer overflow in array_merge()

A flaw was found in PHP. A heap-based buffer overflow occurs in the array_merge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HT_MAX_SIZE due to an integer overflow in the precomputation of element counts using the zend_hash_num_elements function, causi...

8.2 CVSS, 6 AI score, 0.00023 EPSS
Exploits 1, References 5
Cvelist
added 2026/02/10 8:18 p.m., 23 views

CVE-2026-1495 Insertion of Sensitive Information into Log File vulnerability in AVEVA PI to CONNECT Agent

The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server...

6.5 CVSS, 0.00027 EPSS
Exploits 0, References 1
OSV
added 2026/02/10 8:16 p.m., 1 views

UBUNTU-CVE-2025-48509

Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity...

1.8 CVSS, 5.8 AI score, 0.00025 EPSS
Exploits 0, References 3
Snyk
added 2026/02/10 6:56 p.m., 5 views

Open Redirect

Overview: frappe is a Low Code Open Source Framework in Python and JS. Affected versions of this package are vulnerable to Open Redirect in the signup process. An attacker can cause users to be redirected to arbitrary external sites or execute malicious scripts by enticing them to visit a speciall...

6.1 CVSS, 5.9 AI score, 0.00053 EPSS
Exploits 0, References 2
Cvelist
added 2026/02/10 9:58 a.m., 22 views

CVE-2026-22923

A vulnerability has been identified in NX All versions V2512, NX Managed Mode All versions V2512. The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially...

7.8 CVSS, 0.00009 EPSS
Exploits 0, References 1
Fedora
added 2026/02/10 1:34 a.m., 4 views

[SECURITY] Fedora 43 Update: rust-procs-0.14.10-7.fc43

A modern replacement for ps...

7.5 CVSS, 5.4 AI score, 0.00042 EPSS
Exploits 1
Positive Technologies
added 2026/02/10 12:0 a.m., 5 views

PT-2026-7307

Name of the Vulnerable Software and Affected Versions: Intel(R) Graphics Driver (affected versions not specified). Description: A configuration issue with default permissions within some Intel(R) Graphics Driver software operating in Ring 2, a privileged process, could allow an escalation of privilege. An...

6.7 CVSS, 5.4 AI score, 0.00006 EPSS
Exploits 0, References 3