Search
Search Results (328883 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37043 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | 4.9 Medium |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | ||||
| CVE-2024-37042 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | 4.9 Medium |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | ||||
| CVE-2024-37041 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | 7.2 High |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | ||||
| CVE-2024-11149 | 1 Openbsd | 1 Openbsd | 2025-09-23 | 7.9 High |
| In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs. | ||||
| CVE-2024-12364 | 2025-09-23 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Yeşil Software Guest Tracking Software allows SQL Injection.This issue affects Guest Tracking Software. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. | ||||
| CVE-2024-12150 | 2025-09-23 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection.This issue affects Wowwo CRM. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. | ||||
| CVE-2024-12143 | 2025-09-23 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobilteg Mobile Informatics Mikro Hand Terminal - MikroDB allows SQL Injection.This issue affects Mikro Hand Terminal - MikroDB. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. | ||||
| CVE-2024-12367 | 1 Vegagrup | 1 Vega Master | 2025-09-23 | 8.6 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing.This issue affects Vega Master: from v.1.12.35 through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. | ||||
| CVE-2024-12913 | 2025-09-23 | 8.8 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection.This issue affects Azora Wireless Network Management: through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. | ||||
| CVE-2024-13174 | 1 E1 Informatics | 1 Web Application | 2025-09-23 | 8.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E1 Informatics Web Application allows SQL Injection.This issue affects Web Application: through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. | ||||
| CVE-2024-13149 | 1 Arma Store | 1 Armalife | 2025-09-23 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arma Store Armalife allows SQL Injection.This issue affects Armalife: through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. | ||||
| CVE-2025-9972 | 2 N-partner, Planet | 4 N-cloud, N-probe, N-reporter and 1 more | 2025-09-23 | 9.8 Critical |
| Certain models of Industrial Cellular Gateway developed by Planet Technology have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the device. | ||||
| CVE-2025-59885 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59884 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59883 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59882 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59881 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59880 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59879 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59878 | 2025-09-23 | N/A | ||
| Not used | ||||