24h | 7d | 30d

Overview

  • ZSPACE
  • Q2C NAS

05 Dec 2025
Published
05 Dec 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
Pending

KEV

Description

A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2_api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safe_dir results in command injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: Last hour

Overview

  • ZSPACE
  • Q2C NAS

05 Dec 2025
Published
05 Dec 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
Pending

KEV

Description

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2_api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safe_dir leads to command injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: Last hour

Overview

  • nodejs
  • node

22 Jan 2025
Published
01 Mar 2025
Updated

CVSS v3.0
HIGH (8.8)
EPSS
0.04%

KEV

Description

This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Profile picture
Vendored deps are not unusual at all... But, unfortunately, misuse of the CVE program is all too common in the NodeJS community. Let's take CVE-2025-23087, CVE-2025-23088, and CVE-2025-23089 for example. All of these CVEs are REJECTED. nodejs.org/en/blog/vuln...
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Pending

22 Jan 2025
Published
01 Mar 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Profile picture
Vendored deps are not unusual at all... But, unfortunately, misuse of the CVE program is all too common in the NodeJS community. Let's take CVE-2025-23087, CVE-2025-23088, and CVE-2025-23089 for example. All of these CVEs are REJECTED. nodejs.org/en/blog/vuln...
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Pending

22 Jan 2025
Published
01 Mar 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Profile picture
Vendored deps are not unusual at all... But, unfortunately, misuse of the CVE program is all too common in the NodeJS community. Let's take CVE-2025-23087, CVE-2025-23088, and CVE-2025-23089 for example. All of these CVEs are REJECTED. nodejs.org/en/blog/vuln...
  • 0
  • 0
  • 0
  • 22h ago
Showing 41 to 45 of 45 CVEs