Lucene search
K

484 matches found

Vulnrichment
Vulnrichment
added 2026/01/02 2:56 p.m.6 views

CVE-2025-54164 QTS, QuTS hero

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS...

6.9CVSS6.5AI score0.00286EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/02 2:55 p.m.3 views

CVE-2025-53590 QTS

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS6.5AI score0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/02 2:54 p.m.21 views

CVE-2025-53414 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS0.003EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/02 2:53 p.m.7 views

CVE-2025-52430 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS6.5AI score0.003EPSS
Exploits0References1
CVE
CVE
added 2026/01/02 2:53 p.m.11 views

CVE-2025-52430

CVE-2025-52430 is a NULL pointer dereference vulnerability affecting QNAP QTS and QuTS hero. The issue allows a remote attacker who has an administrator account to trigger a denial-of-service (DoS). Affected versions are older QTS and QuTS hero builds; fixes are available in QTS 5.2.7.3256 (build...

5.1CVSS6.5AI score0.003EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.7 views

PT-2026-1087

Name of the Vulnerable Software and Affected Versions QNAP versions prior to 5.2.7.3256 build 20250913 QuTS hero versions prior to 5.2.7.3256 build 20250913 QuTS hero versions prior to 5.3.1.3250 build 20250912 Description An out-of-bounds read issue exists in QNAP operating systems. A remote...

6.9CVSS6.6AI score0.00286EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.8 views

PT-2026-1092

Name of the Vulnerable Software and Affected Versions QNAP versions prior to 5.2.8.3332 build 20251128 Description A buffer overflow issue exists in QNAP operating system. A remote attacker gaining administrator access can exploit this to modify memory or cause processes to crash. Recommendations...

6.5CVSS7.1AI score0.00385EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2025/12/31 6:31 p.m.266 views

Exploit for CVE-2025-68860

CVE-2025-68860 WordPress Mobile builder Plugin = 1.4.2 is...

9.8CVSS7.5AI score0.0048EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/12/22 12:0 a.m.4 views

Qnap QTS and QuTS hero Improper Limitation of a Pathname to a Restricted Directory (CVE-2024-37046)

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have already fixed the...

4.9CVSS5.5AI score0.00676EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/17 6:2 p.m.8 views

CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

9.8CVSS6.6AI score0.00567EPSS
Exploits1References1
OSV
OSV
added 2025/12/16 5:6 p.m.7 views

CVE-2023-53895 PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

9.3CVSS6AI score0.00567EPSS
Exploits1References6
CVE
CVE
added 2025/12/16 5:6 p.m.24 views

CVE-2023-53895

PimpMyLog 1.7.14 is affected by an improper access control vulnerability that lets remote attackers create admin accounts via the configuration endpoint (/configuration). The unsanitized username field can be exploited to inject JavaScript, enabling a hidden backdoor and potential access to serve...

9.8CVSS6.3AI score0.00567EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/12/16 5:6 p.m.6 views

EUVD-2023-60195

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

9.8CVSS6.2AI score0.00567EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.10 views

PT-2025-51743

Name of the Vulnerable Software and Affected Versions PimpMyLog version 1.7.14 Description The software contains an improper access control issue that allows remote attackers to create administrator accounts without authorization through the configuration endpoint. Attackers can exploit the...

9.8CVSS6.4AI score0.00567EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.4 views

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2024-50399)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

7.2CVSS5.5AI score0.00574EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.5 views

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2024-50403)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

7.2CVSS5.5AI score0.00465EPSS
Exploits0References2
OSV
OSV
added 2025/12/05 6:15 p.m.5 views

CVE-2025-34256

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote...

9.8CVSS6.1AI score0.00604EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/17 9:7 a.m.8 views

CVE-2021-4468

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration information,...

8.7CVSS6.9AI score0.00604EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/12 7:30 a.m.5 views

EUVD-2025-119991

The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS5.4AI score0.0021EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.8 views

PT-2025-45432

Name of the Vulnerable Software and Affected Versions QuLog Center versions prior to 1.8.2.923 Description A cross-site scripting XSS issue exists in QuLog Center. Successful exploitation by a remote attacker who has obtained administrator privileges could allow them to bypass security features o...

6.2CVSS5.8AI score0.00208EPSS
Exploits0References4
Rows per page
Query Builder