CVE-2026-26239

A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later...

CVE-2026-24720

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

CVE-2026-33036

CVE-2026-33036 concerns the fast-xml-parser library. A bypass vulnerability in versions 4.0.0-beta.3 through 5.5.5 allows numeric character references (&#NNN;, &#xHH;) and standard XML entities to evade entity expansion limits (maxTotalExpansions, maxExpandedLength) intended to fix CVE-2026-26278...

CVE-2025-57713

CVE-2025-57713 concerns QNAP File Station 5. The weakness is a weak authentication mechanism that could allow remote attackers to obtain sensitive information. Disclosed across multiple sources, with a fix released in File Station 5 5.5.6.5166 and later; affected versions prior to this may be vul...

CVE-2025-62855

CVE-2025-62855 describes a path traversal vulnerability in File Station 5. A local attacker who has an administrator account can exploit the flaw to read contents of unexpected files or system data. The issue is reported to be exploitable over the network with low attack complexity and no user in...

PT-2026-7578

A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...

PT-2025-45443

Name of the Vulnerable Software and Affected Versions File Station 5 versions prior to 5.5.6.5018 Description A flaw exists where a remote attacker, having obtained a user account, could potentially trigger a denial-of-service DoS attack due to a NULL pointer dereference. Recommendations Update t...

CVE-2024-56295

Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 5.5.6...

PT-2016-7899 · Oracle +7 · Mysql Server +6

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.5.56 and earlier MySQL Server versions 5.6.36 and earlier MySQL Server versions 5.7.18 and earlier Description: The issue allows a low privileged attacker with network access via multiple protocols to compromise MySQL...