Export limit exceeded: 364870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364870 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-32969 1 Qnap 3 Qts, Quts Hero, Qutscloud 2025-12-05 4.9 Medium
A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later
CVE-2024-45538 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2025-12-05 9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2024-45539 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2025-12-05 7.5 High
Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.
CVE-2024-5401 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2025-12-05 4.3 Medium
Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges without consent via unspecified vectors.
CVE-2025-29843 1 Synology 2 File Station, Router Manager 2025-12-05 5.4 Medium
A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.
CVE-2025-29844 1 Synology 2 File Station, Router Manager 2025-12-05 4.3 Medium
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.
CVE-2025-29845 1 Synology 1 Router Manager 2025-12-05 4.3 Medium
A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.
CVE-2024-21905 1 Qnap 3 Qts, Quts Hero, Qutscloud 2025-12-05 6.5 Medium
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later
CVE-2024-27124 1 Qnap 3 Qts, Quts Hero, Qutscloud 2025-12-05 7.5 High
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later
CVE-2023-47222 1 Qnap 1 Media Streaming Add-on 2025-12-05 9.6 Critical
An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later
CVE-2024-53684 1 Socomec 2 Diris M-70, Diris M-70 Firmware 2025-12-05 7.5 High
A cross-site request forgery (csrf) vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious webpage to trigger this vulnerability.
CVE-2024-49572 1 Socomec 2 Diris M-70, Diris M-70 Firmware 2025-12-05 7.2 High
A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service and weaken credentials resulting in default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.
CVE-2024-50406 1 Qnap 1 License Center 2025-12-05 5.4 Medium
A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: License Center 1.9.49 and later
CVE-2024-48894 1 Socomec 2 Diris M-70, Diris M-70 Firmware 2025-12-05 5.9 Medium
A cleartext transmission vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
CVE-2024-48882 1 Socomec 2 Diris M-70, Diris M-70 Firmware 2025-12-05 8.6 High
A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.
CVE-2025-22483 1 Qnap 1 License Center 2025-12-05 4.8 Medium
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: License Center 1.8.51 and later License Center 1.9.51 and later
CVE-2025-64336 2 Clip-bucket, Oxygenz 2 Clipbucket, Clipbucket 2025-12-05 5.4 Medium
ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or detail pages, it is rendered unsafely in the Admin → Manage Photos section, resulting in JavaScript execution in the administrator’s browser. This issue is fixed in version 5.5.2-#147.
CVE-2025-57698 1 Astrbot 1 Astrbot 2025-12-05 7.5 High
AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to file_path without checking the validity of the filename. The variable file_path is then passed as a parameter to the function `file.save`, so that the file in the request body can be saved to any location in the file system through directory traversal.
CVE-2025-26858 1 Socomec 2 Diris M-70, Diris M-70 Firmware 2025-12-05 8.6 High
A buffer overflow vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted set of network packets can lead to denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.
CVE-2025-23417 1 Socomec 2 Diris M-70, Diris M-70 Firmware 2025-12-05 8.6 High
A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.