Aggregator

CVE-2025-54168 | QNAP QuLog Center 1.2.0/1.7.0.827/1.7.0.831/1.8.0.872/1.8.0.888 cross site scripting (qsa-25-42)

VulDB Recent Entries
3 months ago
A vulnerability described as problematic has been identified in QNAP QuLog Center 1.2.0/1.7.0.827/1.7.0.831/1.8.0.872/1.8.0.888. This vulnerability affects unknown code. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-54168. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-54167 | QNAP Notification Center 1.9.2.3163/2.1.0.3443/3.0.0.3466 cross site scripting (qsa-25-40)

VulDB Recent Entries
3 months ago
A vulnerability marked as problematic has been reported in QNAP Notification Center 1.9.2.3163/2.1.0.3443/3.0.0.3466. This affects an unknown part. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2025-54167. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-63691 | pig-mesh Pig up to 3.8.2 System Management page information disclosure (Issue 1202)

VulDB Recent Entries
3 months ago
A vulnerability labeled as problematic has been found in pig-mesh Pig up to 3.8.2. Affected by this issue is some unknown functionality of the file /api/admin/sys-token/page of the component System Management Module. The manipulation results in information disclosure. This vulnerability is known as CVE-2025-63691. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

Fortinet’s Fabric-Based Approach to Cloud Security

Security Boulevard
3 months ago

The enterprise migration to the cloud has created a security paradox. While digital transformation and multi-cloud architectures promise agility, they have also delivered unprecedented complexity. This complexity is the modern CISO’s greatest enemy. For every new cloud environment, SaaS application, or remote workforce, a new, siloed security tool has usually been procured. The result is..

The post Fortinet’s Fabric-Based Approach to Cloud Security appeared first on Security Boulevard.

Alastair Cooke

CVE-2025-63783 | Onlook Web Application 0.2.32 tRPC Project Mutation API improper authentication

VulDB Recent Entries
3 months ago
A vulnerability identified as critical has been detected in Onlook Web Application 0.2.32. Affected by this vulnerability is an unknown functionality of the component tRPC Project Mutation API. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-63783. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com

CVE-2025-63686 | GuoMinJim PersonManage up to 5a02b1ab208feacf3a34fc123c9381162afbaa95 information disclosure (Issue 10)

VulDB Recent Entries
3 months ago
A vulnerability categorized as problematic has been discovered in GuoMinJim PersonManage up to 5a02b1ab208feacf3a34fc123c9381162afbaa95. Affected is an unknown function. Executing manipulation can lead to information disclosure. This vulnerability appears as CVE-2025-63686. The attacker needs to be present on the local network. There is no available exploit. Applying a patch is advised to resolve this issue.
vuldb.com

CVE-2025-57712 | QNAP Qsync Central up to 5.0.0.2 User Account path traversal (qsa-25-41)

VulDB Recent Entries
3 months ago
A vulnerability was found in QNAP Qsync Central up to 5.0.0.2. It has been classified as critical. The impacted element is an unknown function of the component User Account Handler. This manipulation causes path traversal. This vulnerability is registered as CVE-2025-57712. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

INC

Dark Feed IO
3 months ago

You must login to view this content

cohenido

CVE-2025-53412 | QNAP File Station prior 5.5.6.5018 User Account null pointer dereference (qsa-25-38)

VulDB Recent Entries
3 months ago
A vulnerability was found in QNAP File Station 5.5.6.4741/5.5.6.4791/5.5.6.4847/5.5.6.4907/5.5.6.4933 and classified as problematic. The affected element is an unknown function of the component User Account Handler. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2025-53412. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-53408 | QNAP File Station prior 5.5.6.5018 User Account null pointer dereference (qsa-25-38)

VulDB Recent Entries
3 months ago
A vulnerability has been found in QNAP File Station 5.5.6.4741/5.5.6.4791/5.5.6.4847/5.5.6.4907/5.5.6.4933 and classified as problematic. Impacted is an unknown function of the component User Account Handler. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2025-53408. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.
vuldb.com

INC

Dark Feed IO
3 months ago

You must login to view this content

cohenido

CVE-2025-52865 | QNAP File Station prior 5.5.6.5018 User Account null pointer dereference (qsa-25-38)

VulDB Recent Entries
3 months ago
A vulnerability, which was classified as problematic, was found in QNAP File Station 5.5.6.4741/5.5.6.4791/5.5.6.4847/5.5.6.4907/5.5.6.4933. This issue affects some unknown processing of the component User Account Handler. Executing manipulation can lead to null pointer dereference. This vulnerability is tracked as CVE-2025-52865. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2025-47207 | QNAP File Station prior 5.5.6.5018 User Account null pointer dereference (qsa-25-38)

VulDB Recent Entries
3 months ago
A vulnerability classified as problematic was found in QNAP File Station 5.5.6.4741/5.5.6.4791/5.5.6.4847/5.5.6.4907/5.5.6.4933. This affects an unknown part of the component User Account Handler. Such manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2025-47207. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.
vuldb.com

Hackers Can Attack Active Directory Sites to Escalate Privileges and Domain Compromise

Cyber Security News
3 months ago

Active Directory sites are designed to optimize network performance across geographically separated organizations by managing replication and authentication across multiple locations. The Synacktiv security researchers have demonstrated that these supposedly safe network management tools can be weaponized to launch powerful attacks against enterprise environments.​ The vulnerability emerges because Active Directory sites can be linked to […]

The post Hackers Can Attack Active Directory Sites to Escalate Privileges and Domain Compromise appeared first on Cyber Security News.

Abinaya

CVE-2025-63689 | ycf1998 money-pos system orderby sql injection

VulDB Recent Entries
3 months ago
A vulnerability classified as critical has been found in ycf1998 money-pos system. Affected by this issue is some unknown functionality. This manipulation of the argument orderby causes sql injection. The identification of this vulnerability is CVE-2025-63689. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Managed ad