Search
Search Results (311230 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32767 | 1 Qnap | 1 Photo Station | 2025-09-20 | 6.3 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later | ||||
| CVE-2024-32768 | 1 Qnap | 1 Photo Station | 2025-09-20 | 6.3 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later | ||||
| CVE-2024-32769 | 1 Qnap | 1 Photo Station | 2025-09-20 | 6.3 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later | ||||
| CVE-2024-53693 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-20 | 7.1 High |
| An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later | ||||
| CVE-2024-53692 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-20 | 4.7 Medium |
| A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later | ||||
| CVE-2024-50405 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-20 | 5.5 Medium |
| An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later | ||||
| CVE-2025-9523 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2025-09-20 | 9.8 Critical |
| A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2025-51534 | 2 Austrian Archaeological Institute, Craws | 2 Openatlas, Openatlas | 2025-09-20 | 8.1 High |
| A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field. | ||||
| CVE-2025-51535 | 2 Austrian Archaeological Institute, Craws | 2 Openatlas, Openatlas | 2025-09-20 | 9.1 Critical |
| Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability. | ||||
| CVE-2025-54617 | 1 Huawei | 1 Harmonyos | 2025-09-20 | 6.8 Medium |
| Stack-based buffer overflow vulnerability in the dms_fwk module. Impact: Successful exploitation of this vulnerability can cause RCE. | ||||
| CVE-2025-54628 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-20 | 5.3 Medium |
| Vulnerability of incomplete verification information in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-59727 | 2025-09-20 | N/A | ||
| Not used | ||||
| CVE-2025-59726 | 2025-09-20 | N/A | ||
| Not used | ||||
| CVE-2025-59725 | 2025-09-20 | N/A | ||
| Not used | ||||
| CVE-2025-59724 | 2025-09-20 | N/A | ||
| Not used | ||||
| CVE-2025-59723 | 2025-09-20 | N/A | ||
| Not used | ||||
| CVE-2025-59722 | 2025-09-20 | N/A | ||
| Not used | ||||
| CVE-2025-59721 | 2025-09-20 | N/A | ||
| Not used | ||||
| CVE-2025-59720 | 2025-09-20 | N/A | ||
| Not used | ||||
| CVE-2025-54630 | 1 Huawei | 1 Harmonyos | 2025-09-20 | 6.8 Medium |
| :Vulnerability of insufficient data length verification in the DFA module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||