CVE-2025-52430 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2025-52430

CVE-2025-52430 is a NULL pointer dereference vulnerability affecting QNAP QTS and QuTS hero. The issue allows a remote attacker who has an administrator account to trigger a denial-of-service (DoS). Affected versions are older QTS and QuTS hero builds; fixes are available in QTS 5.2.7.3256 (build...

PT-2026-1087

Name of the Vulnerable Software and Affected Versions QNAP versions prior to 5.2.7.3256 build 20250913 QuTS hero versions prior to 5.2.7.3256 build 20250913 QuTS hero versions prior to 5.3.1.3250 build 20250912 Description An out-of-bounds read issue exists in QNAP operating systems. A remote...

PT-2026-1092

Name of the Vulnerable Software and Affected Versions QNAP versions prior to 5.2.8.3332 build 20251128 Description A buffer overflow issue exists in QNAP operating system. A remote attacker gaining administrator access can exploit this to modify memory or cause processes to crash. Recommendations...

Exploit for CVE-2025-68860

CVE-2025-68860 WordPress Mobile builder Plugin = 1.4.2 is...

Qnap QTS and QuTS hero Improper Limitation of a Pathname to a Restricted Directory (CVE-2024-37046)

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have already fixed the...

CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVE-2023-53895

PimpMyLog 1.7.14 is affected by an improper access control vulnerability that lets remote attackers create admin accounts via the configuration endpoint (/configuration). The unsanitized username field can be exploited to inject JavaScript, enabling a hidden backdoor and potential access to serve...

EUVD-2023-60195

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

PT-2025-51743

Name of the Vulnerable Software and Affected Versions PimpMyLog version 1.7.14 Description The software contains an improper access control issue that allows remote attackers to create administrator accounts without authorization through the configuration endpoint. Attackers can exploit the...

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2024-50403)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2024-50399)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

CVE-2025-34256

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote...

CVE-2021-4468

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration information,...

EUVD-2025-119991

The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load...

PT-2025-45432

Name of the Vulnerable Software and Affected Versions QuLog Center versions prior to 1.8.2.923 Description A cross-site scripting XSS issue exists in QuLog Center. Successful exploitation by a remote attacker who has obtained administrator privileges could allow them to bypass security features o...

CVE-2025-61945

Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weathe...

CVE-2025-61945 Missing Authentication for Critical Function in Radiometrics VizAir

Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weathe...

EUVD-2016-6576

Malware in sbrugna...