Search Results (364818 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-52869 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 8.1 High
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-52870 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 8.1 High
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-53598 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 6.5 Medium
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-54146 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 6.5 Medium
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-54147 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 6.5 Medium
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-54148 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 6.5 Medium
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-54149 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 5.5 Medium
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-54150 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 5.5 Medium
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-54151 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 5.5 Medium
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-54152 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 6.5 Medium
A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2026-26092 2026-02-12 N/A
Not used
CVE-2026-26091 2026-02-12 N/A
Not used
CVE-2026-26090 2026-02-12 N/A
Not used
CVE-2026-26089 2026-02-12 N/A
Not used
CVE-2026-26088 2026-02-12 N/A
Not used
CVE-2026-26087 2026-02-12 N/A
Not used
CVE-2026-26086 2026-02-12 N/A
Not used
CVE-2026-26085 2026-02-12 N/A
Not used
CVE-2026-1609 1 Keycloak 1 Keycloak-quarkus-server 2026-02-11 8.1 High
A flaw was found in Keycloak. When the JSON Web Token (JWT) authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user’s disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper access control vulnerability by presenting a valid assertion token from an external identity provider to obtain a JWT for a disabled user. This allows unauthorized access to sensitive resources.
CVE-2025-3722 1 Trellix 1 System Information Reporter 2026-02-11 4.4 Medium
A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information disclosure.