CVE Notify
Alert on the latest CVEs

Partner channel: @malwr
🚨 CVE-2023-47220
An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

We have already fixed the vulnerability in the following version:
Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later

🎖@cveNotify
🚨 CVE-2024-38647
An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.

We have already fixed the vulnerability in the following version:
QNAP AI Core 3.4.1 and later

🎖@cveNotify
🚨 CVE-2025-64331
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the logging of printable http bodies. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves using default HTTP response body limits and/or disabling http-body-printable logging; body logging is disabled by default.

🎖@cveNotify
🚨 CVE-2025-64335
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

🎖@cveNotify
🚨 CVE-2025-54848
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. An attacker can trigger this denial-of-service condition by sending a sequence of Modbus TCP messages to port 502 using the Write Single Register function code (6). The attack sequence begins with a message to register 58112 with a value of 1000, indicating that a configuration change will follow. Next, a message is sent to register 29440 with a value corresponding to the new Modbus address to be configured. Finally, a message to register 57856 with a value of 161 commits the configuration change. After this configuration change, the device will be in a denial-of-service state.

🎖@cveNotify
🚨 CVE-2025-59697
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06.

🎖@cveNotify
🚨 CVE-2025-59699
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader.

🎖@cveNotify
🚨 CVE-2025-59700
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition (because of a lack of integrity protection).

🎖@cveNotify
🚨 CVE-2025-59701
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker (with elevated privileges) to read and modify the Appliance SSD contents (because they are unencrypted).

🎖@cveNotify
🚨 CVE-2025-54612
Iterator failure vulnerability in the card management module.
Impact: Successful exploitation of this vulnerability may affect function stability.

🎖@cveNotify
🚨 CVE-2025-54613
Iterator failure vulnerability in the card management module.
Impact: Successful exploitation of this vulnerability may affect function stability.

🎖@cveNotify
🚨 CVE-2025-54621
Iterator failure issue in the WantAgent module.
Impact: Successful exploitation of this vulnerability may cause memory release failures.

🎖@cveNotify
🚨 CVE-2025-54626
Pointer dangling vulnerability in the cjwindow module.
Impact: Successful exploitation of this vulnerability may affect function stability.

🎖@cveNotify
🚨 CVE-2025-54629
Race condition issue occurring in the physical page import process of the memory management module.
Impact: Successful exploitation of this vulnerability may affect service integrity.

🎖@cveNotify
🚨 CVE-2025-54639
ParcelMismatch vulnerability in attribute deserialization.
Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions.

🎖@cveNotify
🚨 CVE-2024-58255
EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.

🎖@cveNotify
🚨 CVE-2024-58256
EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.

🎖@cveNotify
🚨 CVE-2024-58257
EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.

🎖@cveNotify
🚨 CVE-2025-13639
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)

🎖@cveNotify