CVE-2025-62842 HBS 3 Hybrid Backup Sync
An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version:...
CVE-2025-53597
CVE-2025-53597 describes a buffer overflow in QNAP License Center. The vulnerability affects License Center versions prior to 2.0.36, where an attacker with administrative privileges could trigger memory corruption or cause processes to crash. The fixed version is License Center 2.0.36 and later....
CVE-2025-53591
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...
CVE-2025-52863 QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...
QNAP Systems HBS 3 Hybrid Backup Sync security vulnerability
QNAP Systems HBS 3 Hybrid Backup Sync is a backup and synchronization tool from QNAP Systems Taiwan, China. A security vulnerability exists in QNAP Systems HBS 3 Hybrid Backup Sync that originates from external control of file names or paths, which could result in reading or modifying files or...
PT-2026-1092
Name of the Vulnerable Software and Affected Versions: QNAP versions prior to 5.2.8.3332 build 20251128. Description: A buffer overflow issue exists in QNAP operating system. A remote attacker gaining administrator access can exploit this to modify memory or cause processes to crash. Recommendations...
Directory Traversal
Overview: chainlit is a package for building conversational AI. Affected versions of this package are vulnerable to Directory Traversal via the updatethreadelement and deletethreadelement handlers in backend/chainlit/server.py. An authenticated attacker can read arbitrary files from the server by sending a craft...
CVE-2025-69288 Titra has Remote Code Execution in Admin Functionality
Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version...
EUVD-2025-206082
Epic Games Psyonix Rocket League <=1.95 contains an insecure permissions vulnerability that allows authenticated users to modify executable files with full access permissions. Attackers can leverage the 'F' Full flag for the 'Authenticated Users' group to change executable files and potentially...
CVE-2021-47742
Epic Games Psyonix Rocket League <=1.95 contains an insecure permissions vulnerability that allows authenticated users to modify executable files with full access permissions. Attackers can leverage the 'F' Full flag for the 'Authenticated Users' group to change executable files and potentially...
CVE-2021-47742
CVE-2021-47742 affects Epic Games Psyonix Rocket League
CVE-2020-36904 Selea CarPlateServer 4.0.1.6 Remote Program Execution via Configuration Endpoint
Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NOLISTEXEPATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration,...
PT-2025-54423
Name of the Vulnerable Software and Affected Versions: Rocket League versions 1.95 and earlier. Description: The software contains an insecure permissions issue. Authenticated users can modify executable files with full access permissions. An attacker could exploit this to change executable files an...
Epic Games Psyonix Rocket League security vulnerability
Epic Games Psyonix Rocket League is a competitive game from the American company Epic Games. A security vulnerability exists in Epic Games Psyonix Rocket League version 1.95 and earlier, which stems from an insecure privilege setting that could allow an authenticated user to modify executable fil...
titra security vulnerability
titra is a time tracking project from kromit open source. A security vulnerability exists in versions prior to titra 0.99.49, which stems from the fact that an authenticated administrator user can modify the timeEntryRule value in the database and pass it to NodeVM for execution, potentially leading to remote...
CVE-2024-58337
CVE-2024-58337 affects the Akuvox Smart Intercom S539. The vulnerability is an improper access control in the ServicesHTTPAPI that lets users with 'User' privileges modify API access settings and configurations, enabling privilege escalation to administrative functionalities. The CVSS details ind...
CVE-2025-15065
Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, Modify Existing Service, Modify Shared...
PT-2025-54257
Name of the Vulnerable Software and Affected Versions: Akuvox Smart Intercom S539, affected versions not specified. Description: The Akuvox Smart Intercom S539 has an issue with access control. Users with 'User' privileges can modify API access settings and configurations. This can allow attackers to...