Skip to main content
CVE-2025-64120 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1. [CVSS 8.8 HIGH]

Command Injection Nplatform
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-52872 HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service Quts Hero Qts
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-52864 HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service Qts Quts Hero
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-52863 HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service Qts Quts Hero
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-62842 HIGH This Week

An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. [CVSS 7.8 HIGH]

Information Disclosure Hybrid Backup Sync
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-59384 HIGH This Week

A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 7.5 HIGH]

Path Traversal Qfiling
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9110 HIGH This Week

An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. [CVSS 7.5 HIGH]

Qnap Quts Hero Qts
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-59381 MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.9 MEDIUM]

Qnap Path Traversal
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34171 MEDIUM This Month

Casaos contains a vulnerability that allows attackers to retrieve sensitive configuration files and system debug information (CVSS 5.3).

Information Disclosure Casaos
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-47208 MEDIUM This Month

Quts Hero versions up to h5.2.0.2737 is affected by allocation of resources without limits or throttling (CVSS 6.5).

Qnap Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-53592 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-44013 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-62852 MEDIUM This Month

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Qnap Buffer Overflow Denial Of Service Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53593 MEDIUM This Month

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Qnap Buffer Overflow Denial Of Service Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53591 MEDIUM This Month

Quts Hero versions up to h5.2.0.2737 is affected by use of externally-controlled format string (CVSS 6.5).

Qnap Quts Hero Qts
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53597 MEDIUM This Month

A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Buffer Overflow Denial Of Service License Center
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-48721 MEDIUM This Month

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Qnap Buffer Overflow Denial Of Service Quts Hero Qts
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52871 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure License Center
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-12685 MEDIUM This Month

WPBookit WordPre versions up to 1.0.7 contains a vulnerability that allows attackers to an unauthenticated attacker to delete any customer through a CSRF attack (CVSS 6.5).

WordPress CSRF PHP
NVD WPScan
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-62857 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. [CVSS 6.1 MEDIUM]

XSS Qumagie
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-0571 LOW POC Monitor

Path traversal in the yeqifu Warehouse application's file handling function allows authenticated attackers to read arbitrary files on the system through manipulated path parameters. Public exploit code exists for this vulnerability, increasing the risk of exploitation. The rolling-release nature of the product means affected users lack clear version guidance and no official patch is currently available.

Path Traversal Warehouse
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-0547 LOW POC Monitor

Unrestricted file upload in PHPGurukul Online Course Registration versions up to 3.1 allows authenticated attackers to upload arbitrary files through the student profile photo parameter in /admin/edit-student-profile.php. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with login credentials can exploit this remotely to potentially execute malicious code or compromise the application.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15423 LOW POC Monitor

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. [CVSS 6.3 MEDIUM]

PHP Authentication Bypass File Upload
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-45286 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. [CVSS 6.1 MEDIUM]

XSS Go Httpbin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-13456 MEDIUM This Month

The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. [CVSS 6.1 MEDIUM]

WordPress XSS PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-13153 MEDIUM This Month

Logo Slider WordPre versions up to 4.9.0 contains a vulnerability that allows attackers to users with the contributor role and above to perform Stored Cross-Site Scripting (CVSS 6.1).

WordPress Golang XSS PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-15438 LOW POC Monitor

A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::__destruct of the file core/admin/medias.php of the component Media Management Module. [CVSS 4.7 MEDIUM]

PHP Deserialization
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-0566 LOW POC Monitor

Unrestricted file upload in code-projects CMS 1.0 via the image parameter in /admin/edit_posts.php allows authenticated administrators to upload arbitrary files remotely. Public exploit code exists for this vulnerability, though a patch is not yet available. The issue affects PHP-based installations and requires high-level privileges to exploit.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-21429 LOW POC Monitor

Emlog 2.5.23 contains an integrity bypass vulnerability that allows authenticated administrators to restrict legitimate users from editing or deleting their own published articles through improper access controls. This medium-severity flaw (CVSS 4.3) enables privileged users to modify content permissions without authorization, and public exploit code exists. No patch is currently available for affected installations.

Authentication Bypass Emlog
NVD GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15437 LOW POC PATCH Monitor

A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. [CVSS 3.5 LOW]

XSS Ligerosmart
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15418 LOW POC PATCH Monitor

A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE Length Handler. [CVSS 3.3 LOW]

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15419 LOW POC PATCH Monitor

A weakness has been identified in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c of the component GTPv2-C Flow Handler. [CVSS 3.3 LOW]

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-64122 MEDIUM This Month

Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft.This issue affects Multi-Stack Controller (MSC): through 2.5.1. [CVSS 5.5 MEDIUM]

Authentication Bypass Nplatform
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-14047 MEDIUM This Month

The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission - WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'Frontend_Form_Ajax::submit_post' function in all versions up to, and including, 4.2.4. [CVSS 5.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-55374 MEDIUM This Month

Redcap versions up to 14.3.13 contains a vulnerability that allows attackers to enumerate usernames due to an observable discrepancy between login attempts (CVSS 5.3).

Information Disclosure Redcap
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-57705 MEDIUM This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1...

Qnap Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-53596 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-53590 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-53589 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-53414 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-53405 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52431 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52430 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52426 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-54166 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. [CVSS 4.9 MEDIUM]

Qnap Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-54165 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. [CVSS 4.9 MEDIUM]

Qnap Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-54164 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. [CVSS 4.9 MEDIUM]

Qnap Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-59380 MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.9 MEDIUM]

Qnap Path Traversal Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-69284 MEDIUM This Month

Plane is an an open-source project management tool. In plane.io, a guest user doesn't have a permission to access https[:]//app[.]plane[.]so/[:]slug/settings. [CVSS 4.3 MEDIUM]

Authentication Bypass Plane
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-62840 LOW Monitor

A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data. [CVSS 3.3 LOW]

Information Disclosure Hybrid Backup Sync
NVD
CVSS 3.1
3.3
EPSS
0.0%
Prev Page 2 of 15 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy