Latest CVE Feed
-
7.1
HIGHCVE-2025-30260
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from a... Read more
Affected Products : qsync_central- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service
-
7.1
HIGHCVE-2025-29900
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from ... Read more
Affected Products : file_station- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service
-
7.1
HIGHCVE-2025-29899
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from ... Read more
Affected Products : file_station- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service
-
6.0
MEDIUMCVE-2025-29898
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnera... Read more
Affected Products : qsync_central- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-29894
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the followin... Read more
Affected Products : qsync_central- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-29893
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the followin... Read more
Affected Products : qsync_central- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-29890
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from ... Read more
Affected Products : file_station- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-29889
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more
Affected Products : file_station- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-29888
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more
Affected Products : file_station- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service
-
7.1
HIGHCVE-2025-29887
A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the follo... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-29886
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more
Affected Products : file_station- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-29882
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fi... Read more
- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-9664
A security flaw has been discovered in code-projects Simple Grading System 1.0. Affected is an unknown function of the file /add_student_grade.php of the component Admin Panel. The manipulation of the argument Add results in sql injection. It is possible ... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-9663
A vulnerability was identified in code-projects Simple Grading System 1.0. This impacts an unknown function of the file /edit_account.php of the component Admin Panel. The manipulation of the argument ID leads to sql injection. It is possible to initiate ... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-9662
A vulnerability was determined in code-projects Simple Grading System 1.0. This affects an unknown function of the file /login.php of the component Admin Panel. Executing manipulation can lead to sql injection. The attack may be performed from a remote lo... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-9660
A vulnerability was found in SourceCodester Bakeshop Online Ordering System 1.0. The impacted element is an unknown function of the file /passwordrecover.php. Performing manipulation of the argument phonenumber results in sql injection. The attack is poss... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-55763
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt h... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-55580
SolidInvoice 2.3.7 and v.2.3.8 is vulnerable to Cross Site Scripting (XSS) in the client's functionality.... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-55579
SolidInvoice 2.3.7 and fixed in v.2.3.8 is vulnerable to Cross Site Scripting (XSS) in the Tax Rate functionality.... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-29879
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more
Affected Products : file_station- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service