CVE-2025-48721

CVE-2025-48721 describes a buffer overflow affecting QNAP OS such as QTS and QuTS hero. Connected documents confirm a vulnerability where a remote attacker who already has an administrator account can trigger memory modification or process crashes. The issue is mitigated by fixes introduced in QT...

PT-2025-40254

Name of the Vulnerable Software and Affected Versions TOTOLINK X18 version 9.1.0cu.2053 B20230309 Description The software contains a command injection issue through the agentName parameter within the setEasyMeshAgentCfg function. This allows for potential unauthorized command execution...

PT-2025-36912

Name of the Vulnerable Software and Affected Versions: TP-Link AX10 Ax1500 version 1.3.10 Build 20230130 Description: An issue in TP-Link AX10 Ax1500 allows a remote attacker to obtain sensitive information. Recommendations: At the moment, there is no information about a newer version that contai...

QNAP Remote Code Execution

QNAP proof of concept stack overflow remote code execution exploit. This has been addressed in versions QTS 5.1.7.2770 build 20240520, hero h5.1.7.2770 build 20240520 and above...

CVE-2025-22481

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

tsMuxer 安全漏洞

tsMuxer is a transport stream multiplexer for remixing/multiplexing elementary streams by Dan's personal developer. A security vulnerability exists in version tsMuxer nightly-2024-03-14-01-51-12, which stems from the inclusion of a buffer overflow issue. An attacker could cause a denial of servic...

7-card Fakabao SQL Injection Vulnerability

7-card Fakabao is a 7-card open source application. A SQL injection vulnerability exists in 7-card Fakabao version 1.0build20230805 and earlier versions, which stems from a problem with an unknown function in shop/wxpaynotify.php...

SUSE-SU-2023:4758-1 Security update for SUSE Manager Server 4.3

This update fixes the following issues: release-notes-susemanager: - Update to SUSE Manager 4.3.10 SUSE Linux Enterprise Server Micro 5.5 support CLM filter by package build date Enhanced Errata.getDetails API endpoint CVEs fixed: CVE-2023-22644 Bugs mentioned: bsc1191143, bsc1204235, bsc1207012,...

Security Bulletin: IBM i Access Client Solutions - Windows Application Package is vulnerable to a timing issue with RSA Decryption in GSKit builds prior to 8.0.55.31 (CVE-2023-32342)

Summary IBM GSKit is used by IBM i Access Client Solutions - Windows Application Package when making TLS connections to an IBM i partition. If an RSA cipher is used, IBM GSKit could allow a remote attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IB...

QSAN Storage Manager 授权问题漏洞

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. An authorization issue vulnerability exists in QSAN Storage Manager prior to version 3.3.1 build 202101041800, which stems from the product misassigning permissions on critical resource management and can...

Juniper JSA10935

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10935 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self- reported version numbe...

DouCo DouPHP Cross-Site Scripting Vulnerability (CNVD-2019-01002)

DouCo DouPHP is a lightweight open source CMS Content Management System based on PHP and MySQL. A cross-site scripting vulnerability exists in admin/productcategory.php?rec=update in DouCo DouPHP version 1.5 20181221. A remote attacker can exploit this vulnerability to inject arbitrary web script...

PbootCMS Code Execution Vulnerability

PbootCMS is an open source enterprise building content management system CMS developed using the PHP language. A security vulnerability exists in PbootCMS version V1.3.1 build 2018-11-14, which stems from the program failing to use the correct protection mechanism. A remote attacker can exploit t...

openSUSE Security Update : libheimdal (openSUSE-2018-876)

This update for libheimdal to version 7.5.0 fixes the following issues : The following security vulnerability was fixed : - CVE-2017-17439: Fixed a remote denial of service vulnerability through which remote unauthenticated attackers were able to crash the KDC by sending a crafted UDP packet...

Juniper Networks Junos OS RDP Crash Vulnerability

RDP crash when receiving BGP UPDATE with malformed inetflow prefix. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos...

CA20140403-01: Security Notice for CA Erwin Web Portal

-----BEGIN PGP SIGNED MESSAGE----- CA20140403-01: Security Notice for CA Erwin Web Portal Issued: April 03, 2014 CA Technologies Support is alerting customers to multiple vulnerabilities with CA Erwin Web Portal. The vulnerabilities, CVE-2014-2210, occur due to insufficient path verification. A...

Juniper Junos XNM Command Remote DoS (JSA10607)

According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability related to the XNM command processor. A remote attacker can exploit this to cause a denial of service by sending a specially crafted XNM command. Note that this issue on...

Juniper Networks Junos OS TCP Packet Handling Denial of Service Vulnerability

A vulnerability in the Flow Daemon can cause a crash when handling certain TCP packets. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

BEA AquaLogic Interaction 6.06.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities

BEA AquaLogic Interaction 6.06.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/26620/info BEA AquaLogic Interaction is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to access valid usernam...

BEA AquaLogic Interaction 6.0/6.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities

source: https://www.securityfocus.com/bid/26620/info BEA AquaLogic Interaction is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to access valid usernames in the Plumtree portal as well as the server hostname, build date, and server version. Informati...