1835 matches found

CVE
added 2025/09/09 1:50 p.m. | 16 views

CVE-2024-45325

Fortinet FortiDDoS-F VPN/OSS component is affected by an OS Command Injection (CWE-78) in FortiDDoS-F versions 7.0.0–7.02 and earlier than 6.6.3. The root cause is improper neutralization of special elements in CLI requests, enabling a privileged attacker to execute unauthorized commands via craf...

CVSS 6.7 | AI score 7.1 | EPSS 0.00479
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2025/09/02 12:0 a.m. | 3 views

QNAP Qsync Central SQL Injection Vulnerability (CNVD-2025-23620)

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A SQL injection vulnerability exists in QNAP Qsync Central, which can be exploited by attackers to execute unauthorized co...

CVSS 8.8 | AI score 8.4 | EPSS 0.00427
Exploits 0 | References 1

CNVD
added 2025/09/02 12:0 a.m. | 3 views

QNAP Qsync Central SQL Injection Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of...

CVSS 8.8 | AI score 8.4 | EPSS 0.00427
Exploits 0 | References 1

RedhatCVE
added 2025/08/31 6:11 p.m. | 3 views

CVE-2025-29894

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 2025/04/23...

CVSS 8.8 | AI score 8.4 | EPSS 0.00427
Exploits 0 | References 1

OSV
added 2025/08/29 6:15 p.m. | 1 views

CVE-2025-29893

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 2025/04/23...

CVSS 8.8 | AI score 5.9 | EPSS 0.00427
Exploits 0 | References 1

OSV
added 2025/08/29 6:15 p.m. | 2 views

CVE-2025-29894

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 2025/04/23...

CVSS 8.8 | AI score 5.9 | EPSS 0.00427
Exploits 0 | References 1

Cvelist
added 2025/08/29 5:15 p.m. | 4 views

CVE-2025-29894 Qsync Central

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 2025/04/23...

CVSS 7.5 | EPSS 0.00427
Exploits 0 | References 1

CVE
added 2025/08/29 5:15 p.m. | 16 views

CVE-2025-29894

CVE-2025-29894 affects QNAP Qsync Central. The vulnerability is an SQL injection in Qsync Central that can be exploited by an authenticated remote attacker to execute unauthorized commands. The issue is addressed in Qsync Central 4.5.0.7 and later. Affected component: Qsync Central (private cloud...

CVSS 8.8 | AI score 7.8 | EPSS 0.00427
Exploits 0 | References 1 | Affected Software 1

CVE
added 2025/08/29 5:14 p.m. | 23 views

CVE-2025-29893

The CVE-2025-29893 issue affects QNAP Qsync Central and is caused by an SQL injection vulnerability from lack of validation of externally entered SQL statements. A remote attacker who has a user account could exploit this to execute unauthorized code or commands. The vulnerability is rated HIGH (...

CVSS 8.8 | AI score 7.8 | EPSS 0.00427
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2025/08/29 12:0 a.m. | 2 views

QNAP Qsync Central SQL Injection Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A SQL injection vulnerability exists in QNAP Qsync Central, which can be exploited by attackers to execute unauthorized co...

CVSS 8.8 | AI score 8.2 | EPSS 0.00427
Exploits 0 | References 3

CNNVD
added 2025/08/29 12:0 a.m. | 3 views

QNAP Qsync Central SQL Injection Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of...

CVSS 8.8 | AI score 8.3 | EPSS 0.00427
Exploits 0 | References 3

CNVD
added 2025/08/15 12:0 a.m. | 5 views

OpenBao Code Injection Vulnerability

OpenBao is an open source sensitive data management software. A code injection vulnerability exists in OpenBao 2.3.1 and earlier versions that can be exploited by attackers to cause unauthorized code execution and network access...

CVSS 9.1 | AI score 7.8 | EPSS 0.00349
Exploits 0 | Affected Software 1

NCSC
added 2025/08/13 7:25 a.m. | 6 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows, including Hyper-V, Graphics Component, and Routing and Remote Access Service (RRAS). The vulnerabilities include several types of attacks, such as local privilege escalation, unwarranted access to sensitive information, and the potential for...

CVSS 9.8 | AI score 7.9 | EPSS 0.36322
Exploits 12 | References 1

Cvelist
added 2025/08/12 6:59 p.m. | 6 views

CVE-2025-27759

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code o...

CVSS 6.7 | EPSS 0.00462
Exploits 0 | References 1

NVD
added 2025/08/12 6:15 p.m. | 1 views

CVE-2025-53738

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...

CVSS 7.8 | EPSS 0.00485
Exploits 0 | References 1

CVE
added 2025/08/12 5:10 p.m. | 31 views

CVE-2025-50169

CVE-2025-50169 is a Windows SMB remote code execution vulnerability driven by a race condition in the SMB server where concurrent access to a shared resource is improperly synchronized. Publicly disclosed details in the provided documents confirm: the flaw exists in Windows SMB and enables code e...

CVSS 7.5 | AI score 7.6 | EPSS 0.00601
Exploits 0 | References 1 | Affected Software 2

CNNVD
added 2025/08/12 12:0 a.m. | 2 views

Fortinet FortiADC OS Command Injection Vulnerability

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. An operating system command injection vulnerability exists in Fortinet FortiADC version 7.2.0 and versions prior to 7.1.1, which stems from OS command injection and could lead to the execution of unauthorized code...

CVSS 7.2 | AI score 7.5 | EPSS 0.01123
Exploits 0 | References 2

SUSE CVE
added 2025/08/11 11:22 p.m. | 1 views

SUSE CVE-2025-54997

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections...

CVSS 9.1 | AI score 7.5 | EPSS 0.00349
Exploits 0 | References 4

Veracode
added 2025/08/10 10:21 p.m. | 4 views

Improper Access Control

github.com/openbao/openbao is vulnerable to improper access control. The vulnerability is due to the ability of privileged API operators to bypass restrictions on system code execution and network connections through manipulation of audit log prefixes, which allows an attacker to execute...

CVSS 9.1 | AI score 7.5 | EPSS 0.00349
Exploits 0 | References 4 | Affected Software 2

CNNVD
added 2025/08/09 12:0 a.m. | 3 views

OpenBao Code Injection Vulnerability

OpenBao is an open source sensitive data management software. A code injection vulnerability exists in OpenBao 2.3.1 and earlier versions that can be exploited by attackers to cause unauthorized code execution and network access...

CVSS 9.1 | AI score 7.7 | EPSS 0.00349
Exploits 0 | References 5