Auto-Update: 2026-02-27T13:00:13.723905+00:00

Author: cad-safe-bot

CVE-2025/CVE-2025-112xx/CVE-2025-11251.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2025-11251",
+  "sourceIdentifier": "iletisim@usom.gov.tr",
+  "published": "2026-02-27T12:16:01.783",
+  "lastModified": "2026-02-27T12:16:01.783",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection.This issue affects E-Commerce Platform: through 27022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "iletisim@usom.gov.tr",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "iletisim@usom.gov.tr",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.usom.gov.tr/bildirim/tr-26-0084",
+      "source": "iletisim@usom.gov.tr"
+    }
+  ]
+}

CVE-2025/CVE-2025-472xx/CVE-2025-47205.json

@@ -2,8 +2,8 @@
   "id": "CVE-2025-47205",
   "sourceIdentifier": "security@qnapsecurity.com.tw",
   "published": "2026-02-11T13:15:52.287",
-  "lastModified": "2026-02-11T15:27:26.370",
-  "vulnStatus": "Undergoing Analysis",
+  "lastModified": "2026-02-27T12:59:14.410",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -59,6 +59,28 @@
           "providerUrgency": "NOT_DEFINED"
         }
       }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+          "baseScore": 4.9,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
     ]
   },
   "weaknesses": [
@@ -73,10 +95,210 @@
       ]
     }
   ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*",
+              "matchCriteriaId": "F4026A4B-7AB4-48EA-971D-88DFDD3F01A7"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*",
+              "matchCriteriaId": "1F3F99BB-0D68-4D74-92C8-59E24F96C50D"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:*",
+              "matchCriteriaId": "1DE63B4D-8E84-41D3-B1F3-04AE6040242B"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:*",
+              "matchCriteriaId": "75746563-C648-4E55-9126-703F915F8B8A"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:*",
+              "matchCriteriaId": "AF6BA027-A635-4E90-80C8-130B10AB3D23"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:*",
+              "matchCriteriaId": "5406F242-A215-4B07-809F-7A7CE55ACE71"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:*",
+              "matchCriteriaId": "FA17778E-B3B1-44DD-B4E9-5AD25A3E804C"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*",
+              "matchCriteriaId": "E3FC6646-2247-4ED9-9643-CD376674E2E7"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114:*:*:*:*:*:*",
+              "matchCriteriaId": "62170342-067D-442C-88FB-64A4BEA8AFE4"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108:*:*:*:*:*:*",
+              "matchCriteriaId": "82464467-E1E6-47E1-BDE5-DDFA52994A47"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312:*:*:*:*:*:*",
+              "matchCriteriaId": "75AE902C-0516-4341-9BF0-21D8803E091C"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.4.3079:build_20250321:*:*:*:*:*:*",
+              "matchCriteriaId": "5B005D70-8C91-48D4-B09A-9EBE2E9E5090"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.4.3092:build_20250403:*:*:*:*:*:*",
+              "matchCriteriaId": "82FE5F89-A0E1-4D1B-A363-0A0D4141F502"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.5.3145:build_20250526:*:*:*:*:*:*",
+              "matchCriteriaId": "B21A9EE0-88D5-42D9-BA21-D55518FCC6E4"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.6.3195:build_20250715:*:*:*:*:*:*",
+              "matchCriteriaId": "3B575CF2-21F3-4435-B6B4-61D79B34429C"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.6.3229:build_20250818:*:*:*:*:*:*",
+              "matchCriteriaId": "E2EBD305-91E3-4BCC-835B-4878DF4DA3B8"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.7.3256:build_20250913:*:*:*:*:*:*",
+              "matchCriteriaId": "554CB021-1477-4E63-8EBA-74056B4D8DA7"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:qts:5.2.7.3297:build_20251024:*:*:*:*:*:*",
+              "matchCriteriaId": "153F90E1-A54F-4B8D-AEEA-4643421AFF7F"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*",
+              "matchCriteriaId": "CDCBB36A-CB91-4BA3-A6ED-952E6A4A0481"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:*",
+              "matchCriteriaId": "240BCFF1-CCCB-4C07-8E2C-7F43F68407FC"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:*",
+              "matchCriteriaId": "D3AF7276-77E0-474A-B10F-AC15BC5FCF00"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:*",
+              "matchCriteriaId": "5FA8C3EC-B6C0-44A8-BC91-18E3E90C63AB"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:*",
+              "matchCriteriaId": "889336D2-D9F7-4CC0-A22F-B837B5E77751"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*",
+              "matchCriteriaId": "98F72EB9-0EE3-416A-B9BB-2512F5203A5A"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:*",
+              "matchCriteriaId": "9110382F-57C2-4C2E-82D1-3246C882B2C3"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*",
+              "matchCriteriaId": "DB92EFD7-47DD-4AAC-97BD-A2D4918FF4ED"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*",
+              "matchCriteriaId": "78E38E23-1AD0-49E1-89FA-73DC2F496137"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116:*:*:*:*:*:*",
+              "matchCriteriaId": "F2F302B6-26CC-4044-B480-4EBDBB90797F"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.3.3006:build_20250108:*:*:*:*:*:*",
+              "matchCriteriaId": "BF0093B6-8D38-4D1E-AD71-79299123C2B1"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.4.3070:build_20250312:*:*:*:*:*:*",
+              "matchCriteriaId": "48A3CDAA-B0C6-4280-B1AC-DDD027F9D632"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.4.3079:build_20250321:*:*:*:*:*:*",
+              "matchCriteriaId": "1807DE4F-CDF3-4E3B-ADC1-9535EF1D60FE"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.5.3138:build_20250519:*:*:*:*:*:*",
+              "matchCriteriaId": "68FF7342-A0AF-4E75-9CD6-D584B450B8AB"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.6.3195:build_20250715:*:*:*:*:*:*",
+              "matchCriteriaId": "A8E84E3D-943C-4DF5-86D3-DCAC3C034B81"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.7.3256:build_20250913:*:*:*:*:*:*",
+              "matchCriteriaId": "17720E05-1BBF-4605-A777-FA4059B3C2DC"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.7.3297:build_20251024:*:*:*:*:*:*",
+              "matchCriteriaId": "39CB5F1C-9811-499D-9D32-34B40E0D475E"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://www.qnap.com/en/security-advisory/qsa-26-05",
-      "source": "security@qnapsecurity.com.tw"
+      "source": "security@qnapsecurity.com.tw",
+      "tags": [
+        "Vendor Advisory"
+      ]
     }
   ]
 }

CVE-2026/CVE-2026-14xx/CVE-2026-1434.json

@@ -0,0 +1,82 @@
+{
+  "id": "CVE-2026-1434",
+  "sourceIdentifier": "cvd@cert.pl",
+  "published": "2026-02-27T11:16:04.770",
+  "lastModified": "2026-02-27T11:16:04.770",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim\u2019s browser.\n\nThis issue was fixed in 4.6.7."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cvd@cert.pl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "ACTIVE",
+          "vulnConfidentialityImpact": "NONE",
+          "vulnIntegrityImpact": "NONE",
+          "vulnAvailabilityImpact": "NONE",
+          "subConfidentialityImpact": "LOW",
+          "subIntegrityImpact": "LOW",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cvd@cert.pl",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert.pl/posts/2026/02/CVE-2026-1434",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://www.omegapsir.io/",
+      "source": "cvd@cert.pl"
+    }
+  ]
+}