3465 matches found
EUVD-2025-22121
Malicious code in bioql PyPI...
EUVD-2021-28700
Malicious code in bioql PyPI...
CVE-2025-52858
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2025-52859 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2025-47214 QTS
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2025-44008 Qsync Central
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1...
@plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user
Impact When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. Patches The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your...
NewStart CGSL MAIN 6.06 : ruby Multiple Vulnerabilities (NS-SA-2025-0208)
The remote NewStart CGSL host, running version MAIN 6.06, has ruby packages installed that are affected by multiple vulnerabilities: - CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks vi...
mysql: Optimizer unspecified vulnerability (CPU Apr 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affects IBM Enterprise Application Service for Java
Summary IBM Enterprise Application Service for Java is affected by multiple vulnerabilities found in WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in...
CVE-2025-43801
Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers...
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check
Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...
mysql: DDL unspecified vulnerability (CPU Jul 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.42, 8.4.5 and 9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
Linux Distros Unpatched Vulnerability : CVE-2021-38380
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack- based buffer over-read. An attacker can leverage this t...
PT-2025-36787
Name of the Vulnerable Software and Affected Versions: Tenda G3 version 3.0br V15.11.0.17 Description: The Tenda G3 version 3.0br V15.11.0.17 contains multiple stack overflows in the formIPMacBindModify function. These overflows occur via the ruleId, ip, mac, v6, and remark parameters. A crafted...
openSUSE 15: jetty-annotations / jetty-ant / jetty-cdi / jetty-client / etc (SUSE-SU-2025:02993-2)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:02993-2 advisory. Upgraded to version 9.4.58.v20250814: - CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol including DNS over HTTPS bsc1244252 Tenable has...
CVE-2025-30263
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0...
Linux Distros Unpatched Vulnerability : CVE-2025-55163
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS...
CVE-2025-34165 NetSupport Manager < 14.12.0000 Stack-Based Buffer Overflow
A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service DoS or potentially leak a limited amount of memory...
CVE-2025-29889 File Station 5
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Station 5...