CVE-2025-48723 Qsync Central

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...

CVE-2025-48723

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...

CVE-2025-48723

CVE-2025-48723 describes a buffer overflow in Qsync Central. A remote attacker who has a user account can exploit this vulnerability to modify memory or crash processes. A fixed version is available: Qsync Central 5.0.0.4 and later (2026-01-20). Affected products are Qsync Central versions prior ...

CVE-2025-48724

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...

CVE-2025-48724 Qsync Central

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...

CVE-2025-48725 QuTS hero

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero...

CVE-2025-52868

CVE-2025-52868 is a buffer overflow in Qsync Central. The issue allows a remote attacker who has a user account to modify memory or crash processes. A fix is available in Qsync Central 5.0.0.4 (2026-01-20) and later; users should upgrade to receive mitigation. The connected sources corroborate th...

CVE-2025-52869

CVE-2025-52869 affects Qsync Central. A buffer overflow vulnerability allows a remote, authenticated attacker to modify memory or crash processes. Impact is linked to Qsync Central prior to 5.0.0.4; mitigation is to upgrade to 5.0.0.4 or later. The provided documents confirm the existence, affect...

CVE-2025-57709

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...

VulnCheck KEV: CVE-2025-70795

STProcessMonitor Driver contains an insecure IOCTL vulnerability that allows local attackers to terminate arbitrary kernel processes by bypassing validation. Attackers can exploit the exposed process termination functionality to disable security products and gain control of the affected system...

PT-2026-7541

Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description A buffer overflow issue exists in Qsync Central. A remote attacker who obtains a user account can potentially exploit this to alter memory or cause processes to crash. Recommendations Update ...

[SECURITY] Fedora 42 Update: openqa-5^20250711git28a0214-4.fc42

openQA is a testing framework that allows you to test GUI applications on one hand and bootloader and kernel on the other. In both cases, it is difficult to script tests and verify the output. Output can be a popup window or it can be an error in early boot even before init is executed. openQA is...

Microhard IPn4G Cellular Gateways Incorrect Authorization (CVE-2018-25146)

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service...

Unity Linux 20.1070e Security Update: screen (UTSA-2026-005208)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005208 advisory. Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root...

CVE-2025-41726 Beckhoff: Arbitrary code execution within privileged processes

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...

CVE-2025-41726 Beckhoff: Arbitrary code execution within privileged processes

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...

PT-2026-4909

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005046)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005046 advisory. In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one devic...

Exploit for CVE-2023-52271

Disclaimer: This repository contains code that is provided stric...

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code VS Code extension ecosystem. "The malware is designed to exfiltrate sensitive informatio...