EUVD-2026-35358

Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2026-41986

Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2026-41986

Technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2026-41986

Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2025-62858

CVE-2025-62858 is a buffer overflow affecting several QNAP OS lines (QTS 5.2.x and QuTS hero releases h5/h6) where an attacker with an administrator account could cause memory modification or process crashes. The vulnerability’s root cause is not explicitly detailed in the provided documents, but...

EUVD-2025-210082

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions:...

CVE-2026-41539

A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QTS...

CVE-2026-41539

CVE-2026-41539 is a cross-site scripting (XSS) vulnerability affecting several QNAP operating system versions. The issue impacts QTS 5.2.9.3492+ and QuTS hero releases: h5.2.9.3499+, h5.3.4.3500+, and h6.0.0.3500+, all built around 2026-05-07 to 2026-05-20. Root cause and technical details are no...

CVE-2026-41539 QTS, QuTS hero

A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QTS...

CVE-2026-41539 QTS, QuTS hero

A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QTS...

Pascom CPS Server-Side Request Forgery

Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. id: CVE-2021-45967 info: name: Pascom CPS Server-Side Request Forgery author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone...

Kyocera TASKalfa printer - Path Traversal

CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings. id: CVE-2023-34259 info: name: Kyocera TASKalfa printer - Path...

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

DNS Cache Poisoning

Netty is vulnerable to DNS Cache Poisoning. The vulnerability is due to insufficient validation of the bailiwick of NS records in DnsResolveContext, which allows an attacker controlling an authoritative subdomain name server to poison DNS cache entries for parent domains...

secure-banking-app

secure-banking-app...

SQL-Injection-Detection-System

SQL Injection Detection System A comprehensive full-stack web...

CVE-2026-11476

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument...

CVE-2026-11471

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in sql injection. It is possible to launch the attack remotely. The exploit has been made publi...

CVE-2026-11474

A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration Endpoint. Performing a manipulation of the argument stimg results in...

CVE-2026-11472

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /index1.php. This manipulation of the argument Password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may ...