923 matches found
CVE-2025-57706
A cross-site scripting (XSS) vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: File...
CVE-2025-54167 Notification Center
A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following...
CVE-2025-54168 QuLog Center
A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version:...
CVE-2025-57706
CVE-2025-57706 is a QNAP File Station 5 XSS vulnerability. It stems from insufficient filtering/escaping of user-supplied data, enabling an attacker with a valid account to read application data or bypass security checks. Affected software: File Station 5; vulnerable component/content handling le...
CVE-2025-58463 Download Station
A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following...
CVE-2025-58465
The CVE-2025-58465 entry describes a cross-site scripting (XSS) vulnerability in QNAP Download Station. A remote attacker who gains a user account could exploit the flaw to bypass security mechanisms or read application data. Affected software is Download Station; vulnerable component/process is ...
CVE-2025-58465 Download Station
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions:...
PT-2025-45437
Name of the Vulnerable Software and Affected Versions: Download Station versions prior to 5.10.0.304. Description: A cross-site scripting (XSS) issue exists in Download Station. A remote attacker who has obtained a user account can potentially exploit this issue to circumvent security measures or acce...
QNAP Download Station Cross-Site Scripting Vulnerability
QNAP Download Station is a web-based download tool from Taiwan, China-based QNAP Technology (QNAP). A cross-site scripting vulnerability exists in QNAP Download Station, which stems from susceptibility to cross-site scripting attacks that could result in bypassing security mechanisms or reading...
QNAP Systems File Station 5 Cross-Site Scripting Vulnerability
QNAP File Station 5 is a core file management application developed by Qualcomm Technologies QNAP for its networked storage (NAS) devices. QNAP File Station 5 suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplie...
CVE-2025-54970
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...
CVE-2025-54970
BAE Systems SOCET GXP prior to version 4.6.0.2 contains a vulnerability in the Job Status Service where requests are not authenticated. In affected configurations, remote or local users may abort jobs or read information without the job owner’s permissions. The issue is documented across multiple...
BAE Systems SOCET GXP Security Vulnerability
BAE Systems SOCET GXP is a high-end geographic information image analysis and mapping software from BAE Systems. A security vulnerability exists in BAE Systems SOCET GXP prior to version 4.6.0.2, which stems from the SOCET GXP Job Status Service not authenticating requests, and could cau...
EUVD-2025-36207
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...
CVE-2025-61755
Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi...
CVE-2025-53051
Vulnerability in the RDBMS Functional Index component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise RDBMS Functional Index...
CVE-2025-61764
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2025-53060
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseO...