11 matches found
CVE-2025-57711
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...
CVE-2025-54146
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
CVE-2025-53598
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
CVE-2025-47209
CVE-2025-47209: A NULL pointer dereference affects Qsync Central. If a remote attacker gains a user account, they can trigger a DoS. The issue is fixed in Qsync Central 5.0.0.4 (2026-01-20) and later; CVSS-like metrics indicate low privileges and network access with no user interaction. Explo...
CVE-2025-52870
CVE-2025-52870 is a buffer‑overflow vulnerability in Qsync Central. The issue allows a remote attacker who has a user account to exploit memory corruption or crash processes. Public details identify the affected software as Qsync Central, with the root cause described as a buffer overflow. remedi...
CVE-2025-67719
Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...
PT-2025-50566
Name of the Vulnerable Software and Affected Versions: Ibexa versions 5.0.0-beta1 through 5.0.3. Description: Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 lack proper password validation during password changes. An error introduced during the...
MAL-2025-47466 Malicious code in internallib_v504 (npm)
Source: ghsa-malware ef29b128600afaa40be1b95115adb2fd455e0f2369a632fffb2af8949124e6c6. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-6733 · Best Practical +2 · Request Tracker +2
Name of the Vulnerable Software and Affected Versions: Best Practical Request Tracker (RT) versions 4.4.6 and earlier; Best Practical Request Tracker (RT) versions 5.0.4 and earlier. Description: The issue allows Information Disclosure via fake or spoofed RT email headers in an email message or a...
PT-2022-27642 · Hillstone · Hillstone Firewall Sg-6000
Name of the Vulnerable Software and Affected Versions: Hillstone Firewall SG-6000 versions 5.0.4.0 and earlier. Description: The issue is related to incorrect access control, allowing an attacker to bypass permissions and gain super administrator privileges in the background of the firewall. This ...
Squid Denial of Service Vulnerability (CNVD-2020-48582)
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in Squid versions prior to 4.13 and, in the 5.x series, versions prior to 5.0.4, which can be exploited by...