| CVE-2025-70100 | medium | 5.5 | 5.5 | | | | 15h ago | A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 fi… |
| CVE-2025-60477 | medium | 5.0 | 5.0 | | | | 15h ago | A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS)… |
| CVE-2024-47273 | medium | 4.3 | 4.3 | | | | 15h ago | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated use… |
| CVE-2024-47263 | medium | 4.1 | 4.1 | | | | 15h ago | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenti… |
| CVE-2023-52951 | medium | 5.9 | 5.9 | | | | 15h ago | A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential. |
| CVE-2025-41259 | unknown | — | — | | | | 16h ago | SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using … |
| CVE-2026-5078 | medium | 5.3 | 5.3 | | | | 23h ago | Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characte… |