75 matches found
Honeywell IQ4x Access Control Error Vulnerability
The Honeywell IQ4x is a series of building automation network controllers developed by the American company Honeywell. The Honeywell IQ4x has an access control vulnerability that stems from a default configuration in which authentication is not enabled. This...
CVE-2025-54148
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
CVE-2025-48724
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...
CVE-2025-57708
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We hav...
CVE-2025-48722
CVE-2025-48722 describes a NULL pointer dereference in Qsync Central. If a remote attacker can obtain a user account, they can trigger a denial-of-service (DoS) against the service. Affected: Qsync Central prior to 5.0.0.4. Root cause: NULL pointer dereference leading to service disruption. Impa...
CVE-2025-48723
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...
PT-2026-7538
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...
CVE-2026-25858
macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time passwo...
PT-2026-6933
Name of the Vulnerable Software and Affected Versions: macrozheng mall versions prior to 1.0.4. Description: The software contains an authentication issue in the password reset process. An unauthenticated attacker can reset user account passwords using only a victim’s telephone number. The one-time...
mall Authorization Issue Vulnerability
Mall is a set of e-commerce systems developed by Macro Personal Developers, including a front-end shopping mall system and a back-end management system. Mall versions 1.0.3 and earlier have authorization vulnerabilities. These vulnerabilities stem from authentication flaws in the...
CVE-2019-18800
Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS...
CVE-2019-11332
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456...
CVE-2025-53592 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following...
CVE-2025-52872
CVE-2025-52872 is a buffer overflow vulnerability reported to affect QNAP OS versions, notably QTS and QuTS hero. The issue is described as a buffer copy/overflow that enables a remote attacker who has a user account to modify memory or crash processes. Affected products include QTS and QuTS hero...
EUVD-2025-38280
A NULL pointer dereference vulnerability has been reported to affect several product versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Statio...
CVE-2025-53412
The CVE-2025-53412 issue affects QNAP File Station 5.0 and later, caused by a NULL pointer dereference that can be exploited by a remote attacker who has a user account to trigger a DoS. The NVD entry lists a Network attack vector with Low complexity, Low privileges required, and a Medium overall...
EUVD-2016-7349
Malware in sbrugna...
EUVD-2001-1480
Malware in sbrugna...