CVE-2025-66280 QTS, QuTS hero

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the...

CVE-2025-52427

The CVE-2025-52427 issue affects QNAP QTS and QuTS hero (QTS 5.2.6.3195 build 20250715 and later; QuTS hero h5.2.6.3195 build 20250715 and later) and is caused by a NULL pointer dereference in the OS. The vulnerability can be triggered by an administrator-level account, enabling a remote attacker...

CVE-2020-19882

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menudescription' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111, A remote authenticated with admin user can exploit this vulnerability to hijack other users...

IonizeCMS 1.0.8 - Cross-Site Request Forgery (Add Admin)

IonizeCMS 1.0.8 - Cross-Site Request Forgery Add Admin document.forms0.submit;...

HyperBook Guestbook 1.3 - GBConfiguration.DAT Hashed Password Information Disclosure

source: https://www.securityfocus.com/bid/22754/info HyperBook Guestbook is prone to an information-disclosure vulnerability because the application fails to protect sensitive information. An attacker can exploit this issue to access sensitive information that may lead to other attacks. This issu...