405 matches found
CVE-2025-26385
CVE-2025-26385 concerns Johnson Controls Metasys components vulnerable to an Improper Neutralization of Special Elements used in a Command (Command Injection), with potential for remote SQL execution. Affected versions include Metasys ADS/ADX with SQL Express in 14.1 and earlier, LCS8500/NAE850...
PT-2026-5389
Name of the Vulnerable Software and Affected Versions Johnson Controls Metasys versions 12.0 through 14.1 Johnson Controls Metasys Application and Data Server ADS versions 14.1 and prior Johnson Controls Metasys Extended Application and Data Server ADX version 14.1 Johnson Controls Metasys System...
CVE-2020-7577
A vulnerability has been identified in Camstar Enterprise Platform All versions, Opcenter Execution Core All versions V8.2. Through the use of several vulnerable fields of the application, an authenticated user could perform an SQL Injection attack by passing a modified SQL query downstream to th...
CVE-2025-9110
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the followin...
CVE-2025-62857
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later...
CVE-2025-62840
CVE-2025-62840 affects HBS 3 Hybrid Backup Sync. The issue is a flaw where generating an error message can disclose sensitive information, enabling a local attacker on the same network to read application data. Affected component is the HBS 3 Hybrid Backup Sync error-message handling; root cause ...
CVE-2025-62840 HBS 3 Hybrid Backup Sync
A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following...
CVE-2025-9110 QTS, QuTS hero
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the followin...
PT-2026-1102
Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.8.3332 build 20251128 QNAP versions prior to QuTS hero h5.2.8.3321 build 20251117 QNAP versions prior to QuTS hero h5.3.1.3250 build 20250912 Description A flaw exists that allows unauthorized access to sensitive...
QNAP Systems HBS 3 Hybrid Backup Sync Security Vulnerability
QNAP Systems HBS 3 Hybrid Backup Sync is a backup and synchronization tool from Taiwan, China-based QNAP Systems. A security vulnerability exists in QNAP Systems HBS 3 Hybrid Backup Sync that originates from the generation of an error message containing sensitive information that could result in...
QNAP Systems QuMagie Cross-Site Scripting Vulnerability
QNAP Systems QuMagie is an AI Intelligent Photo Management software from QNAP Systems Taiwan, China. A cross-site scripting vulnerability exists in QNAP Systems QuMagie that originates in cross-site scripting and could lead to bypassing security mechanisms or reading application data...
CVE-2025-13953
Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory LDAP login method. Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data...
BACnet Stack Buffer Error Vulnerability
BACnet Stack is a BACnet open source protocol stack C library for embedded systems, Linux, MacOS, BSD and Windows. A buffer error vulnerability exists in BACnet Stack versions prior to 1.5.0.rc2, which stems from the npdu_is_expected_reply function failing to validate the presence of an APDU byte,...
Huawei HarmonyOS Configuration Flaw Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A configuration flaw vulnerability exists in Huawei HarmonyOS, which stems from a configuration flaw in the file management module, and can be exploited by a...
DEBIAN-CVE-2025-65501
Null pointer dereference in coap_dtls_info_callback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data returns NULL...
CVE-2025-65501
Null pointer dereference in coap_dtls_info_callback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data returns NULL...
CVE-2025-52639
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data...
EUVD-2025-198064
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data...