Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-38696

    SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers to access signature files on the application without any authentication.... Read more

    Affected Products : saraban
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38695

    SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scripting (XSS) that allows users to store scripts in certain fields (e.g. subject, description) of the document form.... Read more

    Affected Products : saraban
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38694

    SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection.... Read more

    Affected Products : saraban
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-38693

    A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have alre... Read more

    Affected Products : quts_hero qts qutscloud
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38692

    A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following ver... Read more

    Affected Products : qvr_elite qvr_guard qvr_pro
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38691

    A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following ver... Read more

    Affected Products : qvr_elite qvr_guard qvr_pro
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38690

    A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following ver... Read more

    Affected Products : qvr_elite qvr_guard qvr_pro
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38689

    A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following ver... Read more

    Affected Products : qvr_elite qvr_guard qvr_pro
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-38688

    An improper authentication vulnerability has been reported to affect Android App Qfile. If exploited, this vulnerability allows attackers to compromise app and access information We have already fixed this vulnerability in the following versions of Qfile:... Read more

    Affected Products : qfile
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38687

    A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Sur... Read more

    Affected Products : qts surveillance_station
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-38686

    An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QV... Read more

    Affected Products : qvr
    • Published: Nov. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38685

    A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6... Read more

    Affected Products : qvr
    • Published: Nov. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38684

    A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Console. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Multi... Read more

    Affected Products : multimedia_console
    • Published: Nov. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38682

    A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following ver... Read more

    Affected Products : qvr_elite qvr_guard qvr_pro
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38681

    A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from... Read more

    Affected Products : ragic_cloud_db nas
    • Published: Nov. 20, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-38680

    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Kazoo Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions ... Read more

    Affected Products : kazoo_server
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38679

    An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo Server. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versi... Read more

    Affected Products : kazoo_server
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-38678

    An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the follo... Read more

    Affected Products : qcalagent
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-38677

    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of ... Read more

    Affected Products : qcalagent
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38675

    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of ... Read more

    Affected Products : image2pdf nas
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292811 Results