📅 Weekly CVE Roundup

This CVE describes a remote buffer overflow vulnerability in UTT 进取 512W router firmware version 1.7.7-171114. Attac...

A remote buffer overflow vulnerability in UTT 进取 512W firmware version 1.7.7-171114 allows attackers to execute arbi...

This vulnerability allows remote attackers to execute arbitrary code on UTT 进取 512W devices via a buffer overflow in...

A buffer overflow vulnerability in QNAP operating systems allows authenticated remote attackers to modify memory or cras...

A buffer overflow vulnerability in QNAP operating systems allows authenticated remote attackers to modify memory or cras...

A buffer overflow vulnerability in QNAP operating systems allows authenticated remote attackers to modify memory or cras...

A path traversal vulnerability in Qfiling allows remote attackers to read arbitrary files on the system by manipulating ...

An integer underflow vulnerability in gpsd's NAVCOM packet parser causes a denial of service condition. When processing ...

This CVE-2025-9110 vulnerability allows remote attackers to read sensitive system information from affected QNAP devices...

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0's /worksheet/agent_work_report.jsp endpoint via the ...

This vulnerability allows remote attackers to execute arbitrary SQL commands via the ID parameter in the /worksheet/agen...

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0 through the /worksheet/agent_worksdel.jsp endpoint. ...

This vulnerability in jackying H-ui.admin allows attackers to upload arbitrary files without restrictions via the /lib/w...

This vulnerability allows remote attackers to execute SQL injection attacks against Yonyou KSOA 9.0 through the /kp/Prin...

Signal K Server versions before 2.19.0 allow authenticated administrators to install npm packages from arbitrary sources...

A NULL pointer dereference vulnerability in QNAP operating systems allows authenticated remote attackers to cause denial...

This CVE describes a resource exhaustion vulnerability in QNAP operating systems where authenticated remote attackers ca...

A format string vulnerability in QNAP operating systems allows attackers with administrator access to read sensitive dat...

A NULL pointer dereference vulnerability in QNAP operating systems allows authenticated remote attackers to cause denial...

A buffer overflow vulnerability in QNAP operating systems allows remote attackers with administrator credentials to modi...

A buffer overflow vulnerability in QNAP operating systems allows remote attackers with administrator credentials to modi...

An out-of-bounds read vulnerability in QNAP License Center allows authenticated remote attackers to read sensitive memor...

A buffer overflow vulnerability in QNAP License Center allows authenticated administrators to modify memory or crash pro...

A buffer overflow vulnerability in QNAP operating systems allows remote attackers with administrator credentials to modi...

Signal K Server versions before 2.19.0 have vulnerabilities that allow attackers to craft convincing social engineering ...

This vulnerability allows remote attackers to upload arbitrary files via the photo parameter in the student registration...

This SQL injection vulnerability in Daptin's Aggregate API allows remote attackers to execute arbitrary SQL commands by ...

The Logo Slider WordPress plugin before version 4.9.0 contains a stored cross-site scripting (XSS) vulnerability. Users ...

ShopBuilder WordPress plugin before version 3.2.2 contains a reflected cross-site scripting (XSS) vulnerability where un...

This CVE describes a cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 that allows attackers to inje...

A cross-site scripting (XSS) vulnerability in QuMagie allows remote attackers to inject malicious scripts that execute i...

Signal K Server versions before 2.19.0 have an unauthenticated information disclosure vulnerability that allows any user...

An out-of-bounds read vulnerability in wabt's wasm-decompile tool allows local attackers to read memory beyond intended ...

A memory corruption vulnerability in wasm3 up to version 0.5.0 allows local attackers to potentially execute arbitrary c...

This vulnerability in the WP User Frontend WordPress plugin allows unauthenticated attackers to delete attachments witho...

This is a path traversal vulnerability in yeqifu carRental software that allows attackers to access arbitrary files on t...

REDCap 14.3.13 has a username enumeration vulnerability where attackers can distinguish between valid and invalid userna...

A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with administrator credential...

A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with administrator credential...

A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with administrator credential...

A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with administrator credential...

A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with administrator credential...

A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with administrator credential...

A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with administrator credential...

A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with administrator credential...

An out-of-bounds read vulnerability in QNAP operating systems allows remote attackers with administrator credentials to ...

An out-of-bounds read vulnerability in QNAP operating systems allows remote attackers with administrator credentials to ...

An out-of-bounds read vulnerability in QNAP operating systems allows remote attackers with administrator credentials to ...

This CVE describes a resource allocation vulnerability in QNAP operating systems where an authenticated attacker with ad...

This CVE describes a path traversal vulnerability in QNAP operating systems that allows authenticated attackers with adm...

A path traversal vulnerability in QNAP operating systems allows authenticated administrators to read arbitrary files. Th...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in go-sonic's Theme Fetching API. Attackers can ma...

This vulnerability in PluXml's Media Management Module allows remote attackers to execute arbitrary code through deseria...

This vulnerability in Plane.io allows guest users to access an API endpoint that lists workspace members, potentially ex...

This CVE describes a cross-site scripting (XSS) vulnerability in LigeroSmart's Environment Variable Handler component. A...

KDE messagelib versions before 25.11.90 ignore SSL certificate validation errors when contacting Google's Safe Browsing ...

A local denial-of-service vulnerability exists in Open5GS versions up to 2.7.6 where the ogs_gtp2_parse_bearer_qos funct...

This vulnerability allows attackers to inject malicious scripts into the 'Remark' or 'Variable Value' parameters of the ...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists for CVE-2025-34...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists for CVE-2025-34...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists for this identi...

This CVE ID was reserved but never assigned to an actual vulnerability. No software or systems are affected by this iden...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists for CVE-2025-34...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists under this iden...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists for this identi...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists for CVE-2025-34...

This CVE ID was reserved but not used for any actual vulnerability disclosure. No vulnerability exists, and no systems a...

This CVE ID (CVE-2025-34385) was rejected and never assigned to an actual vulnerability. It was reserved but not used fo...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists for CVE-2025-34...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists for this identi...

This CVE ID was reserved but not used for any actual vulnerability disclosure. No vulnerability exists under this identi...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists for CVE-2025-34...

This CVE ID (CVE-2025-34390) was rejected because it was reserved but never used for an actual vulnerability disclosure....

This CVE ID was reserved but not used for any actual vulnerability disclosure. No vulnerability exists, and no systems a...

This CVE ID (CVE-2025-34405) was rejected and never assigned to an actual vulnerability. It was reserved but not used fo...

This CVE ID was reserved but never assigned to an actual vulnerability. No software or systems are affected by this iden...

This CVE ID (CVE-2025-34426) was rejected and never assigned to an actual vulnerability. It was reserved but not used fo...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists under this iden...

This CVE ID (CVE-2025-34432) was reserved but never assigned to an actual vulnerability. It represents a placeholder tha...

CVE-2025-34443 is not an actual vulnerability. It was a CVE ID that was reserved but never assigned to a real security i...

This CVE ID was reserved but not used for any actual vulnerability disclosure. No vulnerability exists, and no systems a...

This CVE ID was reserved but never assigned to an actual vulnerability. No software or systems are affected by this iden...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists for this identi...

This CVE ID (CVE-2025-34447) was rejected because it was reserved but never used for an actual vulnerability disclosure....

This CVE ID was reserved but not used for any actual vulnerability disclosure. No vulnerability exists under this identi...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists for this identi...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists for CVE-2025-34...

This CVE ID (CVE-2025-34455) was rejected because it was reserved but never used for an actual vulnerability disclosure....

This CVE ID was reserved but never assigned to an actual vulnerability. No software or systems are affected by this iden...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists under this iden...

This CVE has been reserved by a CVE Numbering Authority but no details have been published yet. The vulnerability descri...

This CVE ID (CVE-2025-34461) was reserved but never assigned to an actual vulnerability. It represents a placeholder tha...

This CVE ID was reserved but never assigned to an actual vulnerability. No security vulnerability exists for CVE-2025-34...

This CVE ID was reserved but not used for any actual vulnerability disclosure. No vulnerability exists under this identi...