CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

38 matches found

Zero Day Initiative•added 2026/03/17 12:0 a.m.•2 views

(Pwn2Own) QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of of the domainname parameter. The issue results from the la...

6.3CVSS7.2AI score0.00107EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2017-16638

Malware in sbrugna...

7.5CVSS7.6AI score0.00379EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-1881

Malware in sbrugna...

7.3CVSS7.7AI score0.00076EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2016-1855

Malware in sbrugna...

6.5CVSS6.6AI score0.00117EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2022-28105

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.00796EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-28102

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.00084EPSS

Exploits0References2

RedhatCVE•added 2025/02/05 8:7 p.m.•5 views

CVE-2022-22991

A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP...

8.8CVSS7.2AI score0.00084EPSS

Exploits0References1

CNNVD•added 2024/08/24 12:0 a.m.•1 views

D-Link多款产品命令注入漏洞

D-Link DNS-325 and others are a NAS Network Attached Storage device from China's D-Link Corporation. A command injection vulnerability exists in various D-Link products, which originates from a command injection vulnerability in the path parameter of the cgiunzip function in the...

9.8CVSS7.1AI score0.02376EPSS

Exploits1References7

OpenVAS•added 2022/10/25 12:0 a.m.•18 views

Synology NAS / DiskStation Manager (DSM) Detection Consolidation

Consolidation of Synology NAS devices, DiskStation Manager DSM OS and application detections. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.4AI score

Exploits0References1

OSV•added 2022/01/28 8:15 p.m.•0 views

CVE-2022-22994

A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insufficient verification of calls to the device. The vulnerability was addressed by disabling checks...

9.8CVSS7.8AI score0.00796EPSS

Exploits0References2

NVD•added 2022/01/13 9:15 p.m.•13 views

CVE-2022-22991

8.8CVSS0.00084EPSS

Exploits0References2

OSV•added 2022/01/13 9:15 p.m.•1 views

CVE-2022-22991

8.8CVSS7.3AI score

Exploits0References2

Prion•added 2022/01/13 9:15 p.m.•11 views

Command injection

8.3CVSS8.8AI score0.00084EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/01/13 8:27 p.m.•12 views

CVE-2022-22991 Command injection through unsecured HTTP calls on Western Digital My Cloud devices

7.8CVSS9.5AI score0.00084EPSS

Exploits0References2

OpenVAS•added 2019/09/18 12:0 a.m.•23 views

D-Link DNS-320 Remote Command Injection Vulnerability

The D-Link DNS-320 NAS-device is prone to a remote command injection vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

10CVSS9.5AI score0.94047EPSS

Exploits1References4

OSV•added 2019/08/07 1:15 p.m.•0 views

CVE-2016-10861

Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password...

6.5CVSS5.8AI score0.00117EPSS

Exploits0References1

OSV•added 2019/05/14 9:29 p.m.•0 views

CVE-2018-14839

LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code remote. The attack vector is: HTTP POST with parameters...

9.8CVSS6.1AI score0.89296EPSS

Exploits1References2

OpenVAS•added 2019/03/06 12:0 a.m.•73 views

Drobo NAS Detection (NASd)

NASd based detection of Drobo NAS devices. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.142077...

7.3AI score

Exploits0

CNVD•added 2018/12/05 12:0 a.m.•1 views

ASUSTOR ADM Operating System Command Injection Vulnerability

ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. An operating system command injection vulnerability exists in the group.cgi file in ASUSTOR ADM version 3.1.1. An attacker can exploit this vulnerability by modifying the 'name' POST parameter to execute...

9CVSS9.3AI score0.1198EPSS

Exploits1References1