CVE-2025-11024

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001...

vantuz (>=3.3.2 <=3.3.7) potentially affected by unknown CVE via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: unknown CVE Source advisory: OSV:GHSA-48VW-M3QC-WR99...

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-32016 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-32016 Source advisory: OSV:GHSA-7F4Q-9RQH-X36P...

WordPress Ebook Store plugin <= 5.8001 - Reflected Cross-Site Scripting via 'step' vulnerability

Reflected Cross-Site Scripting via 'step' vulnerability discovered by nvthien in WordPress Plugin Ebook Store versions = 5.8001...

CVE-2025-44014

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 2025/07/09 and la...

CVE-2025-44014

CVE-2025-44014 affects QNAP Qsync Central prior to 5.0.0.1. The root cause is an out-of-bounds write that can allow a remote attacker with a user account to modify or corrupt memory. Public docs describe the impact as memory modification/corruption with high severity, and the issue is mitigated b...

QNAP Qsync Central 安全漏洞

QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage NAS devices. QNAP Qsync Central suffers from an unrestricted resource allocation vulnerability that can be exploited by an attacker to prevent other systems, applications, o...

QNAP Qsync Central 代码问题漏洞

QNAP Qsync Central is a cloud-based file synchronization service on a NAS from Taiwan, China-based QNAP Technology QNAP. A code issue vulnerability exists in QNAP Qsync Central versions prior to 5.0.0.1 that stems from a null pointer dereference and could lead to a denial of service attack...

CVE-2025-8079

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Akıllı Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce allows Reflected XSS. This issue affects Smart Trade E-Commerce: before 4.5.0.0.1...

CVE-2024-52268

Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product...

CVE-2023-21925

Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications component: Core. Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2022-22579

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application...

Playloom Engine 信息泄露漏洞

Playloom Engine is an open source, high-performance game development engine from Quetro Personal Developers. It is designed to help developers create immersive 2D and 3D games. An information disclosure vulnerability exists in Playloom Engine version v0.0.1. The vulnerability stems from the...

AeroCMS SQL注入漏洞

AeroCMS is a content management system from AeroCMS Inc. in the United States. A security vulnerability exists in AeroCMS version v0.0.1, which stems from the presence of a SQL injection by deleting parameters...

Veritas NetBackup 安全漏洞

Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports the detection of ransomware and backup protection of environmental data such as metadata and virtual environments. A security...

lodash input validation error vulnerability

lodash is an open source JavaScript utility library . An input validation error vulnerability exists in lodash version 0.0.1 for Node.js. The vulnerability stems from a network system or product that does not properly validate input data. No details of the vulnerability are provided at this time...

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2019-14592)

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting vulnerability exists in IBM Sterling B...

Visual Studio 2019 version 16.11.52 update

This security update applies to all editions of Visual Studio 2019 between versions 16.0.0 and 16.11.51, and will update client machines to version 16.11.52. The client machines must be enabled to receive this administrator update, and by default Visual Studio must be closed on the client in orde...