QNAP Qsync Central 代码问题漏洞

QNAP Qsync Central is a cloud-based file synchronization service on a NAS from Taiwan, China-based QNAP Technology QNAP. A code issue vulnerability exists in QNAP Qsync Central versions prior to 5.0.0.1, which stems from a null pointer dereference and could lead to a denial of service attack...

Paraşüt 跨站脚本漏洞

Paraşüt is a cloud-based online finance and accounting management software from Paraşüt Turkey. A cross-site scripting vulnerability exists in Paraşüt versions 0.0.0.65efa44e through 20250204, which stems from improper input neutralization and could lead to cross-site scripting attacks...

agora 代码问题漏洞

agora is a cloud-based learning and research platform open-sourced by the Agora Foundation. A code issue vulnerability exists in versions prior to agora fall23-Alpha1 690ce56, which stems from a user controller allowing non-standard image formats leading to cross-site scripting attacks...

Turtek Eyotek 安全漏洞

Turtek Eyotek is a cloud-based educational institution management system from Turtek Turkey. A security vulnerability exists in Turtek Eyotek versions prior to 23.06.2025, which stems from bypassing authorization via a user control key and could lead to the exploitation of trusted identifiers...

QNAP Qsync Central SQL Injection Vulnerability

QNAP Qsync Central is a cloud-based file synchronization service on NAS from Taiwan, China-based QNAP. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerabili...

QNAP Qsync Central SQL注入漏洞

QNAP Qsync Central is a cloud-based file synchronization service on NAS from Taiwan, China-based QNAP. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerabili...

HCL Domino Volt和HCL Domino Leap 安全漏洞

HCL Domino Volt and HCL Domino Leap are both products of HCL India.HCL Domino Volt is a low-code application development solution based on the Domino platform.HCL Domino Leap is a cloud-based collaboration platform that modernizes traditional Domino applications. HCL Domino Volt and HCL Domino Le...

HCL Domino Volt和HCL Domino Leap 安全漏洞

HCL Domino Volt and HCL Domino Leap are both products of HCL India.HCL Domino Volt is a low-code application development solution based on the Domino platform.HCL Domino Leap is a cloud-based collaboration platform that modernizes traditional Domino applications. A security vulnerability exists i...

SAP ERP BW Business Content Code Injection Vulnerability

SAP ERP BW Business Content is a cloud-based e-commerce platform that helps companies create a personalized and seamless buying experience for their customers. SAP ERP BW Business Content suffers from a code injection vulnerability that can be exploited by an attacker to execute arbitrary code...

SAP Commerce 跨站脚本漏洞

SAP Commerce is a set of cloud-based e-commerce platforms from Germany's SAP. It supports sales management, marketing management, order management, and operations management. A cross-site scripting vulnerability exists in SAP Commerce that stems from insufficient input validation and could lead t...

The vulnerability of the Microsoft Azure AI Face Service, a cloud-based facial recognition and analysis service using artificial intelligence technologies, relates to the ability to bypass authentication through spoofing. This allows attackers to elevate their privileges.

The vulnerability of the Microsoft Azure AI Face Service, a cloud-based facial recognition and analysis service using artificial intelligence technologies, relates to the ability to bypass authentication through spoofing. Exploiting this vulnerability can allow unauthorized actors to gain increas...

CVE-2024-30801

SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component...

Baidu Antivirus 安全漏洞

Baidu Antivirus is a permanently free cloud-based security antivirus software from the Chinese company Baidu Baidu. A security vulnerability exists in Baidu Antivirus version v5.2.3.116083, which originates from a problem in the driver that allows an attacker to terminate arbitrary processes by...

Avaya Spaces 安全漏洞

Avaya Spaces is a cloud-based team collaboration tool from Avaya. A security vulnerability exists in Avaya Spaces. An attacker exploiting the vulnerability could execute code or disclose sensitive information...

How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?

Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with...

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect thi...

CVE-2024-12365 W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isw3tcadminpage function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain...

The vulnerability of the backup and data restoration software for Veeam Service Provider Console (VSPC) clients that are located remotely or in the cloud lies in access control errors. This allows a malicious actor to delete any files on the VSPC server at will.

The vulnerability of the backup and data recovery software for Veeam Service Provider Console VSPC for remote and cloud-based customers is related to access control errors. Exploiting this vulnerability could allow a malicious actor, operating remotely, to delete any files on the VSPC server at...

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server allows attackers to gain unauthorized access to protected information, thereby enabling them to compromise the security of these systems.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server relates to the insecure storage of confidential information. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the insufficient protection of sensitive data, allowing attackers to influence privacy issues.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to influence the confidentiality of sensitive information...