189 matches found

ATTACKERKB
added 2026/05/18 8:26 p.m. | 6 views

CVE-2026-4137

In mlflow/mlflow versions prior to 3.11.0, the get_or_create_nfs_tmp_dir function in mlflow/utils/file_utils.py creates temporary directories with world-writable permissions 0o777, and the _create_model_downloading_tmp_dir function in mlflow/pyfunc/__init__.py creates directories with group-writable permissions...

CVSS 7 | AI score 7.6 | EPSS 0.00006
Exploits: 2 | References: 3
RedhatCVE
added 2026/05/12 2:21 p.m. | 4 views

CVE-2026-8272

A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfilemgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public...

CVSS 7.2 | AI score 5.5 | EPSS 0.0005
Exploits: 1 | References: 1
GithubExploit
added 2026/04/29 1:27 a.m. | 66 views

Exploit for OS Command Injection in Asustor Data_Master

No d...

CVSS 9.4 | AI score 5.2 | EPSS 0.00352
Exploits: 1
NVD
added 2026/03/31 9:16 p.m. | 3 views

CVE-2026-5213

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function...

CVSS 9 | EPSS 0.00039
Exploits: 1 | References: 5
CNNVD
added 2026/03/20 12:0 a.m. | 3 views

nrf access control error vulnerability

nrf is a network storage library module open-sourced by free5GC. Versions prior to nrf 1.4.2 contained an access control vulnerability, which stemmed from improper input validation in the EncodeGroupId function. This vulnerability could lead to denial of service attacks...

CVSS 8.7 | AI score 6.4 | EPSS 0.00088
Exploits: 1 | References: 4
CNNVD
added 2026/03/16 12:0 a.m. | 2 views

D-Link multiple products command injection vulnerability

D-Link DNS-120, etc., are products of D-Link Corporation from China. The D-Link DNS-120 is a network storage adapter. The D-Link DNR-202L is a network video camera. The D-Link DNS-315L is a network attached storage device. Several D-Link products have command injection vulnerabilities, which stem...

CVSS 9.8 | AI score 6.6 | EPSS 0.00128
Exploits: 1 | References: 14
CNNVD
added 2026/03/16 12:0 a.m. | 2 views

D-Link multiple products command injection vulnerability

D-Link DNS-120, etc., are products of D-Link Corporation from China. The D-Link DNS-120 is a network storage adapter. The D-Link DNR-202L is a network video camera. The D-Link DNS-315L is a network attached storage device. Several D-Link products have command injection vulnerabilities, which stem...

CVSS 9.8 | AI score 6.6 | EPSS 0.00128
Exploits: 1 | References: 15
ATTACKERKB
added 2026/03/15 11:2 p.m. | 1 view

CVE-2026-4195

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects an unknown function of the file...

CVSS 6.5 | AI score 5.5 | EPSS 0.00109
Exploits: 1 | References: 5 | Affected Software: 20
CVE
added 2026/02/14 4:27 p.m. | 10 views

CVE-2026-23179

The CVE affects the Linux kernel nvmet-tcp implementation. A deadlock could occur when a socket is closed during TCP_LISTEN because nvmet_tcp_listen_data_ready() is called with sk_callback_lock held; the fix adds a TCP_LISTEN check before acquiring the lock to avoid deadlock. The issue is resolve...

AI score 5.2 | EPSS 0.00025
Exploits: 0 | References: 3
CVE
added 2026/02/13 1:29 p.m. | 20 views

CVE-2026-23112

CVE-2026-23112 affects the Linux kernel nvmet-tcp implementation. The issue in nvmet_tcp_build_pdu_iovec allows walking past cmd->req.sg when a PDU length/offset exceeds sg_cnt, causing bogus sg->length/offset usage and leading to _copy_to_iter() GPF/KASAN. The fix adds guards for sg_idx, r...

CVSS 9.8 | AI score 5.2 | EPSS 0.00079
Exploits: 0 | References: 8 | Affected Software: 1
Positive Technologies
added 2026/02/11 12:0 a.m. | 1 view

PT-2026-7539

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero...

CVSS 8.1 | AI score 5.9 | EPSS 0.00143
Exploits: 0 | References: 3
OSV
added 2026/02/03 6:16 p.m. | 0 views

CVE-2025-69429

The ORICO NAS CD3510 version V1.9.12 and below contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 1
NVD
added 2026/02/03 6:16 p.m. | 2 views

CVE-2025-69431

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Sam...

CVSS 6.1 | EPSS 0.00015
Exploits: 1 | References: 1
CVE
added 2026/02/03 12:0 a.m. | 7 views

CVE-2025-69429

Affected product: ORICO NAS CD3510 (versions V1.9.12 and below). Vulnerability: Incorrect Symlink Follow that lets an attacker format a USB drive (ext4), create a symbolic link to the drive’s root, insert it into the NAS, and access the symlink directory mounted on the NAS to leak or tamper with ...

CVSS 6.1 | AI score 5.5 | EPSS 0.00015
Exploits: 1 | References: 1 | Affected Software: 1
EUVD
added 2026/01/30 11:3 a.m. | 3 views

EUVD-2026-5038

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages...

CVSS 4.9 | AI score 5.9 | EPSS 0.00021
Exploits: 0 | References: 1
Cvelist
added 2026/01/30 11:3 a.m. | 26 views

CVE-2026-22626

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages...

CVSS 4.9 | EPSS 0.00021
Exploits: 0 | References: 1
CVE
added 2026/01/30 11:3 a.m. | 8 views

CVE-2026-22625

Technical details for CVE-2026-22625 are not provided in the supplied documents beyond the basic description; monitor for updates from Hiksemi and Red Hat advisories.

CVSS 4.6 | AI score 5.9 | EPSS 0.0001
Exploits: 0 | References: 1
CNNVD
added 2026/01/30 12:0 a.m. | 4 views

Hiksemi NAS security vulnerabilities

HIKSEMI NAS is a private cloud storage device of China's HIKSEMI Corporation. There is a security vulnerability in HIKSEMI NAS, which stems from insufficient validation of interface input parameters. This vulnerability may allow authenticated users to execute arbitrary commands...

CVSS 7.2 | AI score 6.1 | EPSS 0.00035
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/16 12:0 a.m. | 3 views

PT-2026-3274

Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. Attackers can inject commands via username and batch user creation parameters to execute shell commands...

CVSS 8.8 | AI score 8.2 | EPSS 0.00098
Exploits: 0 | References: 6
Cvelist
added 2026/01/02 2:56 p.m. | 18 views

CVE-2025-53593 QTS, QuTS hero

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions:...

CVSS 5.1 | EPSS 0.00107
Exploits: 0 | References: 1