QNAP Qsync Central 安全漏洞

QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage NAS devices. QNAP Qsync Central suffers from an uncontrolled resource consumption vulnerability that can be exploited by attackers to cause a denial of service...

Paraşüt 跨站脚本漏洞

Paraşüt is a cloud-based online finance and accounting management software from Paraşüt Turkey. A cross-site scripting vulnerability exists in Paraşüt versions 0.0.0.65efa44e through 20250204, which stems from improper input neutralization and could lead to cross-site scripting attacks...

agora 代码问题漏洞

agora is a cloud-based learning and research platform open-sourced by the Agora Foundation. A code issue vulnerability exists in versions prior to agora fall23-Alpha1 690ce56, which stems from a user controller allowing non-standard image formats leading to cross-site scripting attacks...

Turtek Eyotek 安全漏洞

Turtek Eyotek is a cloud-based educational institution management system from Turtek Turkey. A security vulnerability exists in Turtek Eyotek versions prior to 23.06.2025, which stems from bypassing authorization via a user control key and could lead to the exploitation of trusted identifiers...

QNAP Qsync Central SQL Injection Vulnerability

QNAP Qsync Central is a cloud-based file synchronization service on NAS from Taiwan, China-based QNAP. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerabili...

QNAP Qsync Central SQL注入漏洞

QNAP Qsync Central is a cloud-based file synchronization service on NAS from Taiwan, China-based QNAP. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerabili...

HCL Domino Volt和HCL Domino Leap 安全漏洞

HCL Domino Volt and HCL Domino Leap are both products of HCL India.HCL Domino Volt is a low-code application development solution based on the Domino platform.HCL Domino Leap is a cloud-based collaboration platform that modernizes traditional Domino applications. HCL Domino Volt and HCL Domino Le...

HCL Domino Volt和HCL Domino Leap 安全漏洞

HCL Domino Volt and HCL Domino Leap are both products of HCL India.HCL Domino Volt is a low-code application development solution based on the Domino platform.HCL Domino Leap is a cloud-based collaboration platform that modernizes traditional Domino applications. A security vulnerability exists i...

SAP ERP BW Business Content Code Injection Vulnerability

SAP ERP BW Business Content is a cloud-based e-commerce platform that helps companies create a personalized and seamless buying experience for their customers. SAP ERP BW Business Content suffers from a code injection vulnerability that can be exploited by an attacker to execute arbitrary code...

SAP Commerce 跨站脚本漏洞

SAP Commerce is a set of cloud-based e-commerce platforms from Germany's SAP. It supports sales management, marketing management, order management, and operations management. A cross-site scripting vulnerability exists in SAP Commerce that stems from insufficient input validation and could lead t...

CVE-2024-30801

SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component...

Baidu Antivirus 安全漏洞

Baidu Antivirus is a permanently free cloud-based security antivirus software from the Chinese company Baidu Baidu. A security vulnerability exists in Baidu Antivirus version v5.2.3.116083, which originates from a problem in the driver that allows an attacker to terminate arbitrary processes by...

Avaya Spaces 安全漏洞

Avaya Spaces is a cloud-based team collaboration tool from Avaya. A security vulnerability exists in Avaya Spaces. An attacker exploiting the vulnerability could execute code or disclose sensitive information...

How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?

Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with...

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect thi...

CVE-2024-12365 W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isw3tcadminpage function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain...

QNAP Systems Qsync Central 后置链接漏洞

QNAP Systems Qsync Central is a cloud-based file synchronization service on a NAS from China Weilian Technology QNAP Systems. A backlink vulnerability exists in QNAP Systems Qsync Central version 4.4.0.1620240819 and prior versions, which stems from the inclusion of a link tracking vulnerability...

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)

The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. Rapid7 developed an unauthenticated remote code execution RCE exploit chain as an entry for the...

CVE-2024-11702

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled...

CVE-2024-11702

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox 133 and Thunderbird 133...