81 matches found
EUVD-2025-27778
Malicious code in bioql PyPI...
CVE-2025-44014
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 2025/07/09 and la...
CVE-2025-54153
CVE-2025-54153 describes an SQL injection vulnerability in QNAP Qsync Central . According to multiple sources, a remote attacker who already has a user account can exploit this to execute unauthorized code or commands. The issue is rated high priority with a CVSS of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C...
CVE-2025-44014
CVE-2025-44014 affects QNAP Qsync Central prior to 5.0.0.1. The root cause is an out-of-bounds write that can allow a remote attacker with a user account to modify or corrupt memory. Public docs describe the impact as memory modification/corruption with high severity, and the issue is mitigated b...
QNAP Qsync Central 代码问题漏洞
QNAP Qsync Central is a cloud-based file synchronization service on a NAS from Taiwan, China-based QNAP Technology QNAP. A code issue vulnerability exists in QNAP Qsync Central versions prior to 5.0.0.1 that stems from a null pointer dereference and could lead to a denial of service attack...
PT-2025-40050
Impact send hooks can spend more gas than what's remained in tx, combined with recursive calls in the wasm contract, can amplify the gas consumption exponentially. Patches It's patched in v4.0.2 and v5.0.0 Workarounds Is there a way for users to fix or remediate the vulnerability without upgradin...
SUSE SLES12 Security Update : regionServiceClientConfigEC2 (SUSE-SU-2025:03170-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03170-1 advisory. - Update to version 5.0.0. bsc1246995 - SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios-1.6.1.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios-1.6.1.tgz Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to...
CVE-2025-54052
Cross-Site Request Forgery CSRF vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows PHP Local File Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through = 5.0.0...
WordPress plugin Realtyna Organic IDX plugin 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...
CVE-2025-54698 WordPress Classified Listing Plugin plugin <= 5.0.0 - Content Injection Vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in RadiusTheme Classified Listing allows Code Injection. This issue affects Classified Listing: from n/a through 5.0.0...
IBM Aspera Faspex Code Issue Vulnerability
IBM Aspera Faspex is IBM's high-performance file transfer solution designed to transfer large files quickly and reliably. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.12.1, which stems from insufficient client-side enforcement of server-side security mechanisms...
IBM Aspera Faspex 安全漏洞
IBM Aspera Faspex is IBM's high-performance file transfer solution designed for fast, secure transfer of large-volume data. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.12.1, which originates from a client not properly implementing server-side security mechanism...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS version 5.0.0 suffers from a security vulnerability, no details of the vulnerability are provided at this time...
Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability
Drupal Enterprise MFA - TFA for Drupal module 4.7.0,5.0.0-5.1.0 - Unauthenticated Cross Site Request Forgery CSRF vulnerability discovered by Juraj Nemec poker10 in WordPress Module Enterprise MFA - TFA for Drupal versions 4.7.0,5.0.0-5.1.0...
Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability
Drupal Enterprise MFA - TFA for Drupal module 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara cmlara in WordPress Module Enterprise MFA - TFA for Drupal versions 4.7.0,5.0.0-5.1.0...
UPX 安全漏洞
UPX is a free, secure, portable, scalable, high-performance executable shelling program for a wide range of executable formats. A security vulnerability exists in UPX 5.0.0 and earlier versions, which stems from an incorrect operation of the PackLinuxElf64::unDTINIT function that can cause a heap...
GHSA-P34J-R3CH-C985 Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI. This allows attackers with Agent/Extended Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted...
CVE-2025-0719
IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...