8451 matches found
EUVD-2025-32340
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...
CVE-2025-52429 QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...
CVE-2025-52429
CVE-2025-52429 affects QNAP QTS and QuTS hero. The issue is a use of externally-controlled format string in the OS, which an administrator-authenticated remote attacker could exploit to access secret data or modify memory. Affected products/versions: QTS prior to 5.2.6.3195 (build 20250715) and Q...
EUVD-2025-32365
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...
CVE-2025-52429 QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...
CVE-2025-48730 QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...
EUVD-2025-32369
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...
CVE-2025-48730
The CVE-2025-48730 issue is a use of externally-controlled format string vulnerability affecting QNAP QTS and QuTS Hero. The root cause is formatting strings controlled by external input, enabling a remote attacker with an administrator account to obtain secret data or modify memory. Affected ver...
CVE-2025-48730 QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...
PT-2025-40569
Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.2.6.3195 build 20250715 QNAP QuTS hero versions prior to 5.2.6.3195 build 20250715 Description A use of externally-controlled format string vulnerability exists in QNAP operating systems. If an attacker obtains an...
PT-2025-40586
Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.2.6.3195 build 20250715 QNAP QuTS hero versions prior to 5.2.6.3195 build 20250715 Description A use of externally-controlled format string vulnerability exists in QNAP operating systems. If an attacker obtains an...
PT-2025-40565
Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.2.6.3195 build 20250715 QNAP QuTS hero versions prior to 5.2.6.3195 build 20250715 Description A use of externally-controlled format string issue exists in QNAP operating systems. If an attacker obtains an...
PT-2025-40587
Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.2.6.3195 build 20250715 QNAP QuTS hero versions prior to 5.2.6.3195 build 20250715 Description A use of externally-controlled format string vulnerability exists in QNAP operating systems. If an attacker obtains an...
NewStart CGSL MAIN 6.06 : ncurses Multiple Vulnerabilities (NS-SA-2025-0223)
The remote NewStart CGSL host, running version MAIN 6.06, has ncurses packages installed that are affected by multiple vulnerabilities: - In ncurses 6.0, there is a format string vulnerability in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...
ROS-20250930-07
Vulnerability of ImageMagick console graphic editor related to format string error in function "InterpretImageFilename" function. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code on the target system, execute arbitrary code on the target system Vulnerabili...
CVE-2025-9494
An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Specifically, the /cgi-bin/vitogate.cgi endpoint is affected, when the form JSON parameter is set to form-0-2. The vulnerability stems fro...
CVE-2025-36202
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source...
Arbitrary Code Execution
ImageMagick is vulnerable to Arbitrary Code Execution. The vulnerability is due to format string vulnerability due to user input being passed directly to FormatLocaleString without proper sanitization, allowing attackers to overwrite arbitrary memory and potentially achieve remote code execution...
CVE-2025-36202
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source...
CVE-2025-36202 IBM webMethods Integration code execution
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source...