CVE-2024-13342 - "Booster for WooCommerce Remote File Upload Vulnerability"
CVE ID : CVE-2024-13342
Published : Aug. 29, 2025, 11:15 a.m. | 3 hours, 31 minutes ago
Description : The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-13342
Published : Aug. 29, 2025, 11:15 a.m. | 3 hours, 31 minutes ago
Description : The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9217 - Slider Revolution WordPress Path Traversal Vulnerability
CVE ID : CVE-2025-9217
Published : Aug. 29, 2025, 11:15 a.m. | 3 hours, 30 minutes ago
Description : The Slider Revolution plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.7.36 via the 'used_svg' and 'used_images' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9217
Published : Aug. 29, 2025, 11:15 a.m. | 3 hours, 30 minutes ago
Description : The Slider Revolution plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.7.36 via the 'used_svg' and 'used_images' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40702 - OpenAtlas ACDH-CH Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-40702
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 31 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/file" petition, "creator" and "license_holder" parameters.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40702
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 31 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/file" petition, "creator" and "license_holder" parameters.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40703 - OpenAtlas Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-40703
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 31 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/group" petition, "name" and "alias-0” parameters.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40703
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 31 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/group" petition, "name" and "alias-0” parameters.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40704 - OpenAtlas XSS: Unvalidated User Input in "/insert/edition" "/name" Parameter
CVE ID : CVE-2025-40704
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 31 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/edition" petition, "name" parameter.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40704
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 31 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/edition" petition, "name" parameter.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40705 - OpenAtlas ACDH-CH Cross-Site Scripting (XSS)
CVE ID : CVE-2025-40705
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 30 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/acquisition" petition, "name" parameter.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40705
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 30 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/acquisition" petition, "name" parameter.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40706 - OpenAtlas ACDH-CH Cross-Site Scripting (XSS)
CVE ID : CVE-2025-40706
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 30 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/source" petition, "name" parameter.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40706
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 30 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/source" petition, "name" parameter.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40707 - OpenAtlas ACDH-CH Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-40707
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 30 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/place" petition, "name" and "alias-0” parameters.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40707
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 30 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/place" petition, "name" and "alias-0” parameters.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40708 - OpenAtlas ACDH-CH Cross-Site Scripting (XSS)
CVE ID : CVE-2025-40708
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 30 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/event" petition, "name" parameter.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40708
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 30 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/event" petition, "name" parameter.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40709 - OpenAtlas ACDH-CH Cross-Site Scripting (XSS)
CVE ID : CVE-2025-40709
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 30 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/person/” petition, "name" and "alias-0” parameters.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40709
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 30 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/person/” petition, "name" and "alias-0” parameters.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9643 - ApacheCampus Apartment Management System SQL Injection Vulnerability
CVE ID : CVE-2025-9643
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 30 minutes ago
Description : A vulnerability was found in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/utility_bill_setup.php. Performing manipulation of the argument txtGasBill results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9643
Published : Aug. 29, 2025, 12:15 p.m. | 2 hours, 30 minutes ago
Description : A vulnerability was found in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/utility_bill_setup.php. Performing manipulation of the argument txtGasBill results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9644 - iSourcecode Apartment Management System SQL Injection
CVE ID : CVE-2025-9644
Published : Aug. 29, 2025, 1:15 p.m. | 1 hour, 30 minutes ago
Description : A vulnerability was determined in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/bill_setup.php. Executing manipulation of the argument txtBillType can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9644
Published : Aug. 29, 2025, 1:15 p.m. | 1 hour, 30 minutes ago
Description : A vulnerability was determined in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/bill_setup.php. Executing manipulation of the argument txtBillType can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9645 - iSourcecode Apartment Management System SQL Injection Vulnerability
CVE ID : CVE-2025-9645
Published : Aug. 29, 2025, 1:15 p.m. | 1 hour, 30 minutes ago
Description : A vulnerability was identified in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /t_dashboard/r_all_info.php. The manipulation of the argument mid leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9645
Published : Aug. 29, 2025, 1:15 p.m. | 1 hour, 30 minutes ago
Description : A vulnerability was identified in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /t_dashboard/r_all_info.php. The manipulation of the argument mid leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9646 - O2OA Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9646
Published : Aug. 29, 2025, 1:15 p.m. | 1 hour, 30 minutes ago
Description : A security flaw has been discovered in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_organization_assemble_personal/jaxrs/definition/calendarConfig. The manipulation of the argument toMonthViewName results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9646
Published : Aug. 29, 2025, 1:15 p.m. | 1 hour, 30 minutes ago
Description : A security flaw has been discovered in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_organization_assemble_personal/jaxrs/definition/calendarConfig. The manipulation of the argument toMonthViewName results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9647 - Mtons MBlog Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9647
Published : Aug. 29, 2025, 1:15 p.m. | 1 hour, 30 minutes ago
Description : A weakness has been identified in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/role/list. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9647
Published : Aug. 29, 2025, 1:15 p.m. | 1 hour, 30 minutes ago
Description : A weakness has been identified in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/role/list. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9649 - "Appneta Tcpreplay Division-by-Zero Vulnerability"
CVE ID : CVE-2025-9649
Published : Aug. 29, 2025, 2:15 p.m. | 30 minutes ago
Description : A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version 4.5.3-beta3 is recommended to address this issue. It is advisable to upgrade the affected component. The vendor confirms in a GitHub issue reply: "Was able to reproduce in 6fcbf03 but NOT 4.5.3-beta3."
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9649
Published : Aug. 29, 2025, 2:15 p.m. | 30 minutes ago
Description : A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version 4.5.3-beta3 is recommended to address this issue. It is advisable to upgrade the affected component. The vendor confirms in a GitHub issue reply: "Was able to reproduce in 6fcbf03 but NOT 4.5.3-beta3."
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9650 - Yeqifu CarRental File Path Traversal Vulnerability
CVE ID : CVE-2025-9650
Published : Aug. 29, 2025, 2:15 p.m. | 30 minutes ago
Description : A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This affects the function removeFileByPath of the file src/main/java/com/yeqifu/sys/utils/AppFileUtils.java. The manipulation of the argument carimg leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9650
Published : Aug. 29, 2025, 2:15 p.m. | 30 minutes ago
Description : A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This affects the function removeFileByPath of the file src/main/java/com/yeqifu/sys/utils/AppFileUtils.java. The manipulation of the argument carimg leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9651 - Shafhasan Chatbox SQL Injection Vulnerability
CVE ID : CVE-2025-9651
Published : Aug. 29, 2025, 2:15 p.m. | 30 minutes ago
Description : A vulnerability was found in shafhasan chatbox up to 156a39cde62f78532c3265a70eda12c70907e56f. This impacts an unknown function of the file /chat.php. The manipulation of the argument user_id results in sql injection. The attack may be performed from a remote location. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9651
Published : Aug. 29, 2025, 2:15 p.m. | 30 minutes ago
Description : A vulnerability was found in shafhasan chatbox up to 156a39cde62f78532c3265a70eda12c70907e56f. This impacts an unknown function of the file /chat.php. The manipulation of the argument user_id results in sql injection. The attack may be performed from a remote location. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30264 - QNAP QTS Command Injection Vulnerability
CVE ID : CVE-2025-30264
Published : Aug. 29, 2025, 6:15 p.m. | 31 minutes ago
Description : A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30264
Published : Aug. 29, 2025, 6:15 p.m. | 31 minutes ago
Description : A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30265 - QNAP QTS and QuTS hero Buffer Overflow Vulnerability
CVE ID : CVE-2025-30265
Published : Aug. 29, 2025, 6:15 p.m. | 31 minutes ago
Description : A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30265
Published : Aug. 29, 2025, 6:15 p.m. | 31 minutes ago
Description : A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30267 - QNAP QTS NULL Pointer Denial-of-Service Vulnerability
CVE ID : CVE-2025-30267
Published : Aug. 29, 2025, 6:15 p.m. | 31 minutes ago
Description : A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30267
Published : Aug. 29, 2025, 6:15 p.m. | 31 minutes ago
Description : A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...