CVE-2026-9651

CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files...

EUVD-2026-35976

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

PT-2026-48367

Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.2.9.3492 build 20260507 QuTS hero versions prior to h5.2.9.3499 build 20260514 QuTS hero versions prior to h5.3.4.3500 build 20260520 QuTS hero versions prior to h6.0.0.3459 build 20260409 Description A path traversal...

EUVD-2026-23167

MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files...

CVE-2026-6351

MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files...

CVE-2026-6351

CVE-2026-6351 concerns Openfind’s MailGates/MailAudit. The Connected CVE record states a CRLF Injection vulnerability that enables unauthenticated remote attackers to read system files. This describes the vulnerable surface as the MailGates/MailAudit components, with exploitation possible without...

PT-2026-33251

MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files...

Centova Cast 安全漏洞

Centova Cast is an internet-based broadcast streaming media management control panel provided by the Canadian company Centova. Version 3.2.11 of Centova Cast contains a security vulnerability. This vulnerability allows authenticated attackers to retrieve arbitrary system files through the...

CVE-2025-66278

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...

CVE-2025-54162

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File...

CVE-2025-62853 File Station 5

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...

CVE-2026-23593 Unauthenticated Limited File Read allows Data Exposure in Web Interface

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory...

EUVD-2026-4780

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory...

CVE-2026-23593 Unauthenticated Limited File Read allows Data Exposure in Web Interface

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory...

CVE-2026-23593

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory...

CVE-2025-59381

CVE-2025-59381 describes a path traversal vulnerability in QNAP QTS and QuTS hero affected versions prior to the fixes. The flaw allows an administrator-level attacker to read arbitrary files or system data due to improper validation of pathnames. Affected: QTS up to 5.2.8.3332 build 20251128 and...

CVE-2025-59380 QTS, QuTS hero

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

CVE-2019-25253

KYOCERA Net Admin 3.4.0906 contains an XML External Entity XXE injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuratio...

CVE-2019-25253 KYOCERA Net Admin 3.4.0906 Unauthenticated XML External Entity Injection

KYOCERA Net Admin 3.4.0906 contains an XML External Entity XXE injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuratio...

CVE-2019-25253 KYOCERA Net Admin 3.4.0906 Unauthenticated XML External Entity Injection

KYOCERA Net Admin 3.4.0906 contains an XML External Entity XXE injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuratio...