CyberAlerts

CVE-2025-22484

Description: An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

CVSS: HIGH (7.1)

EPSS Score: 0.11%

Source: CVE

June 6th, 2025 (29 days ago)

CVE-2025-22482

Qsync Central

Description: A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later

CVSS: LOW (2.3)

EPSS Score: 0.16%

Source: CVE

June 6th, 2025 (29 days ago)

CVE-2025-22481

QTS, QuTS hero

Description: A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later

CVSS: HIGH (8.7)

EPSS Score: 0.56%

Source: CVE

June 6th, 2025 (29 days ago)

CVE-2024-56805

QTS, QuTS hero

Description: A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later

CVSS: MEDIUM (5.3)

EPSS Score: 0.1%

Source: CVE

June 6th, 2025 (29 days ago)

CVE-2024-50406

License Center

Description: A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: License Center 1.9.49 and later

CVSS: LOW (2.0)

EPSS Score: 0.1%

Source: CVE

June 6th, 2025 (29 days ago)

CVE-2024-4760

Voltage glitch during startup of the EEFC NVM controller can bypass the security bit

Description: A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.

CVSS: MEDIUM (6.3)

EPSS Score: 0.14%

SSVC Exploitation: none

Source: CVE

June 6th, 2025 (29 days ago)

CVE-2024-13088

QHora

Description: An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QuRouter 2.5.0.140 and later

CVSS: MEDIUM (5.2)

EPSS Score: 0.03%

Source: CVE

June 6th, 2025 (29 days ago)

CVE-2024-13087

QHora

Description: A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later

CVSS: LOW (2.4)

EPSS Score: 0.19%

Source: CVE

June 6th, 2025 (29 days ago)

Behind the Blog: Activism and Evangelism

Description: This week, we discuss the phrase "activist journalist," waiting in line for a Switch 2, and teledildonics.

Source: 404 Media

June 6th, 2025 (29 days ago)

Sound-Boosting Chrome Extensions Potential Ticking Bombs

Description: Security researchers at LayerX have uncovered a stealthy network of malicious Chrome extensions masquerading as in-browser sound enhancement tools. With over 700k installations globally, these add-ons appear to be laying dormant, awaiting remote instructions to execute malicious payloads. LayerX's report reveals that the extensions function as “sleeper agents,” capable of downloading and executing code from … The post Sound-Boosting Chrome Extensions Potential Ticking Bombs appeared first on CyberInsider.

Source: CyberInsider

June 6th, 2025 (29 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-22484	File Station 5 Description: An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later CVSS: HIGH (7.1) EPSS Score: 0.11% Source: CVE June 6th, 2025 (29 days ago)
CVE-2025-22482	Qsync Central Description: A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later CVSS: LOW (2.3) EPSS Score: 0.16% Source: CVE June 6th, 2025 (29 days ago)
CVE-2025-22481	QTS, QuTS hero Description: A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later CVSS: HIGH (8.7) EPSS Score: 0.56% Source: CVE June 6th, 2025 (29 days ago)
CVE-2024-56805	QTS, QuTS hero Description: A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later CVSS: MEDIUM (5.3) EPSS Score: 0.1% Source: CVE June 6th, 2025 (29 days ago)
CVE-2024-50406	License Center Description: A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: License Center 1.9.49 and later CVSS: LOW (2.0) EPSS Score: 0.1% Source: CVE June 6th, 2025 (29 days ago)
CVE-2024-4760	Voltage glitch during startup of the EEFC NVM controller can bypass the security bit Description: A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set. CVSS: MEDIUM (6.3) EPSS Score: 0.14% SSVC Exploitation: none Source: CVE June 6th, 2025 (29 days ago)
CVE-2024-13088	QHora Description: An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QuRouter 2.5.0.140 and later CVSS: MEDIUM (5.2) EPSS Score: 0.03% Source: CVE June 6th, 2025 (29 days ago)
CVE-2024-13087	QHora Description: A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later CVSS: LOW (2.4) EPSS Score: 0.19% Source: CVE June 6th, 2025 (29 days ago)
	Behind the Blog: Activism and Evangelism Description: This week, we discuss the phrase "activist journalist," waiting in line for a Switch 2, and teledildonics. Source: 404 Media June 6th, 2025 (29 days ago)
	Sound-Boosting Chrome Extensions Potential Ticking Bombs Description: Security researchers at LayerX have uncovered a stealthy network of malicious Chrome extensions masquerading as in-browser sound enhancement tools. With over 700k installations globally, these add-ons appear to be laying dormant, awaiting remote instructions to execute malicious payloads. LayerX's report reveals that the extensions function as “sleeper agents,” capable of downloading and executing code from … The post Sound-Boosting Chrome Extensions Potential Ticking Bombs appeared first on CyberInsider. Source: CyberInsider June 6th, 2025 (29 days ago)