6149 matches found
CVE-2025-54163 File Station 5
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Statio...
CVE-2025-57711 Qsync Central
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...
CVE-2025-58472 Qsync Central
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Centra...
CVE-2025-66274
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...
CVE-2026-25894
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is...
CVE-2026-0845
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...
PT-2026-7494
The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ' wplyr accent color' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2026-7572
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File...
PT-2026-7552
Name of the Vulnerable Software and Affected Versions: File Station 5 versions prior to 5.5.6.5068. Description: A flaw exists where resources can be allocated without limits or throttling. If an attacker obtains administrator access, they may be able to prevent other systems, applications, or...
CVE-2025-29952
Improper initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin-privileged attacker to corrupt RMP-covered memory, potentially resulting in loss of guest memory integrity...
DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies
The information technology (IT) workers associated with the Democratic People's Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they're impersonating, marking a new escalation of the fraudulent scheme. "These profiles often have verified...
CVE-2026-25655
A vulnerability has been identified in SINEC NMS All versions V4.0 SP2. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative...
CVE-2025-12757
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to...
CVE-2026-23686
CVE-2026-23686 concerns SAP NetWeaver Application Server Java. It describes a CRLF Injection vulnerability where an authenticated, admin-level attacker can submit crafted content to the application, allowing injection of untrusted entries into generated configuration and manipulation of applicati...
CVE-2026-23686 CRLF Injection vulnerability in SAP NetWeaver Application Server Java
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...
Missing Authentication for Critical Function
Overview: @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /nodered/flows endpoint when the Node-RED plugin is enabled. An attacker can gain administrative acce...
Apache Druid security vulnerability
Apache Druid is a column-oriented, open-source distributed database written in Java, from the Apache Foundation in the United States. Apache Druid has a security vulnerability that originates from improper validation of LDAP authentication responses, which could lead to...