24h | 7d | 30d

CVE-2025-14107

Overview

  • ZSPACE
  • Q2C NAS
05 Dec 2025
Published
05 Dec 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
Pending
KEV

Description

A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2_api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safe_dir results in command injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: Last hour

Fediverse

Profile picture
cR0w h0 h0 @cR0w

ZSPACE

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

TOZED

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667

  • 0
  • 1
  • 0
  • Last hour

CVE-2025-14106

Overview

  • ZSPACE
  • Q2C NAS
05 Dec 2025
Published
05 Dec 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
Pending
KEV

Description

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2_api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safe_dir leads to command injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: Last hour

Fediverse

Profile picture
cR0w h0 h0 @cR0w

ZSPACE

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

TOZED

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667

  • 0
  • 1
  • 0
  • Last hour

CVE-2025-23089

Overview

  • nodejs
  • node
22 Jan 2025
Published
01 Mar 2025
Updated
CVSS v3.0
HIGH (8.8)
EPSS
0.04%
KEV

Description

This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture
Matt "msw" Wilson @msw.bsky.social
Vendored deps are not unusual at all... But, unfortunately, misuse of the CVE program is all too common in the NodeJS community. Let's take CVE-2025-23087, CVE-2025-23088, and CVE-2025-23089 for example. All of these CVEs are REJECTED. nodejs.org/en/blog/vuln...
  • 0
  • 0
  • 0
  • 22h ago

CVE-2025-23088

Overview

  • Pending
22 Jan 2025
Published
01 Mar 2025
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture
Matt "msw" Wilson @msw.bsky.social
Vendored deps are not unusual at all... But, unfortunately, misuse of the CVE program is all too common in the NodeJS community. Let's take CVE-2025-23087, CVE-2025-23088, and CVE-2025-23089 for example. All of these CVEs are REJECTED. nodejs.org/en/blog/vuln...
  • 0
  • 0
  • 0
  • 22h ago

CVE-2025-23087

Overview

  • Pending
22 Jan 2025
Published
01 Mar 2025
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture
Matt "msw" Wilson @msw.bsky.social
Vendored deps are not unusual at all... But, unfortunately, misuse of the CVE program is all too common in the NodeJS community. Let's take CVE-2025-23087, CVE-2025-23088, and CVE-2025-23089 for example. All of these CVEs are REJECTED. nodejs.org/en/blog/vuln...
  • 0
  • 0
  • 0
  • 22h ago
Showing 41 to 45 of 45 CVEs