Export limit exceeded: 366811 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366811 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-48864 1 Qnap 1 File Station 2025-09-19 9.1 Critical
A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers to read/write files or directories. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4741 and later
CVE-2025-30262 1 Qnap 1 Qsync Central 2025-09-19 6.5 Medium
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later
CVE-2025-30261 1 Qnap 1 Qsync Central 2025-09-19 6.5 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later
CVE-2025-5262 1 Mozilla 1 Thunderbird 2025-09-19 7.5 High
A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 139 and Thunderbird < 128.11.
CVE-2025-5321 2 Aimhubio, Aimstack 2 Aim, Aim 2025-09-19 6.3 Medium
A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Abfrage leads to erweiterte Rechte. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-30260 1 Qnap 1 Qsync Central 2025-09-19 6.5 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
CVE-2025-29900 1 Qnap 1 File Station 2025-09-19 6.5 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later
CVE-2025-29899 1 Qnap 1 File Station 2025-09-19 6.5 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later
CVE-2025-33038 1 Qnap 1 Qsync Central 2025-09-19 6.5 Medium
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
CVE-2025-33037 1 Qnap 1 Qsync Central 2025-09-19 6.5 Medium
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
CVE-2025-23305 1 Nvidia 1 Megatron-lm 2025-09-19 7.8 High
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-23306 1 Nvidia 1 Megatron-lm 2025-09-19 7.8 High
NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-33036 1 Qnap 1 Qsync Central 2025-09-19 6.5 Medium
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
CVE-2025-33033 1 Qnap 1 Qsync Central 2025-09-19 6.5 Medium
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
CVE-2025-30278 1 Qnap 1 Qsync Central 2025-09-19 8.8 High
An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
CVE-2025-30277 1 Qnap 1 Qsync Central 2025-09-19 8.8 High
An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
CVE-2025-30275 1 Qnap 1 Qsync Central 2025-09-19 6.5 Medium
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
CVE-2025-30263 1 Qnap 1 Qsync Central 2025-09-19 6.5 Medium
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later
CVE-2024-35836 1 Linux 1 Linux Kernel 2025-09-19 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed (other kernel module instance of the same PCI device have had kept the reference to that pin), and kernel module is again bound, the pin properties would not be updated (the properties are only assigned when memory for the pin is allocated), prop pointer still points to the kernel module memory of the kernel module which was deallocated on the unbind. If the pin dump is invoked in this state, the result is a kernel crash. Prevent the crash by storing persistent pin properties in dpll subsystem, copy the content from the kernel module when pin is allocated, instead of using memory of the kernel module.
CVE-2024-35834 1 Linux 1 Linux Kernel 2025-09-19 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: xsk: recycle buffer in case Rx queue was full Add missing xsk_buff_free() call when __xsk_rcv_zc() failed to produce descriptor to XSK Rx queue.