923 matches found
CVE-2025-7746
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading to modify or read data in a victim’s browser...
PT-2025-37129
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtswpt remove plugin and ajax update export code functions in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...
Linux Distros Unpatched Vulnerability : CVE-2020-1917
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xbufformatconverter, used as part of exifreaddata, was appending a terminating null character to the generated string, but was not using its standard append cha...
CVE-2025-42958 Missing Authentication check in SAP NetWeaver
Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the...
PT-2025-36563
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver affected versions not specified Description: A missing authentication check in the SAP NetWeaver application on IBM i-series allows unauthorized users with high privileges to read, modify, or delete sensitive information, and...
Linux Distros Unpatched Vulnerability : CVE-2020-27663
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemTyp...
CVE-2024-12923
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: Photo...
CVE-2025-22483
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2021-3405
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml...
Linux Distros Unpatched Vulnerability : CVE-2021-30470
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray, PdfTokenizer::GetNextVariant and PdfTokenizer::ReadDataType...
CVE-2025-22483
CVE-2025-22483 is an XSS vulnerability affecting QNAP License Center. Several QNAP OS versions are affected; an attacker who gains an administrator account could bypass security mechanisms or read application data. The issue is fixed in License Center 1.8.51 and later and in License Center 1.9.51...
CVE-2025-22483 License Center
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability...
CVE-2024-12923 Photo Station
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: Photo...
CVE-2024-12923
The CVE-2024-12923 entry concerns QNAP Photo Station and an XSS vulnerability. Affected product: Photo Station (QNAP). The vulnerability enables cross-site scripting when a logged-in user is targeted, with the attacker who has a user account able to exploit to read application data or bypass secu...
CVE-2025-8861
CVE-2025-8861 concerns Changing TSA, a timestamp server product, with a Missing Authentication vulnerability that allows unauthenticated remote attackers to read, modify, and delete database contents. The underlying issue is an access-control flaw (lack of authentication). The connected documents...
CVE-2025-8861 Changing|TSA - Missing Authentication
TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents...
PT-2025-35253
Name of the Vulnerable Software and Affected Versions: Photo Station versions prior to 6.4.5 Description: A cross-site scripting (XSS) vulnerability affects Photo Station. A remote attacker gaining a user account can exploit this issue to bypass security mechanisms or read application data...
Changing TSA Access Control Error Vulnerability
Changing TSA is a timestamp server from Panorama Changing Corporation in Taiwan, China. Changing TSA suffers from an Access Control Error vulnerability that stems from a lack of authentication, which could allow an unauthenticated, remote attacker to read, modify, and delete database contents...