cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-50360,https://securityvulnerability.io/vulnerability/CVE-2023-50360,Video Station SQL Injection Vulnerability,"A SQL injection vulnerability has been identified in QNAP's Video Station, allowing authenticated users to execute malicious code through network interactions. This vulnerability has implications for the security of the application by potentially exposing sensitive user data and system integrity. Users are encouraged to update to Video Station version 5.8.1 or later, released on February 26, 2024, to mitigate the risk associated with this vulnerability and bolster their security posture.",QNAP,Video Station,8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-09-06T16:26:55.405Z,0
CVE-2023-47563,https://securityvulnerability.io/vulnerability/CVE-2023-47563,Video Station OS Command Injection Vulnerability,"An OS command injection vulnerability exists in QNAP's Video Station, allowing authenticated users to potentially execute arbitrary commands over the network. This may expose the system to unauthorized actions, jeopardizing the integrity and security of the video data managed by the application. Users are recommended to upgrade to Video Station version 5.8.2 or later, where the issue has been addressed.",QNAP,Video Station,8.8,HIGH,0.0005099999834783375,false,false,false,false,,false,false,2024-09-06T16:26:50.074Z,0
CVE-2023-41287,https://securityvulnerability.io/vulnerability/CVE-2023-41287,Video Station,"A SQL injection vulnerability has been identified in QNAP Video Station, potentially allowing attackers to execute arbitrary SQL commands through malicious input sent over a network. This vulnerability compromises the integrity and security of the application, offering a pathway for unauthorized actions that could impact user data and privacy. QNAP has addressed this issue in the updated version 5.7.2, released on 2023/11/23, ensuring protection against such threats.",QNAP,Video Station,4.3,MEDIUM,0.0007399999885819852,false,false,false,false,,false,false,2024-01-05T17:15:00.000Z,0
CVE-2023-41288,https://securityvulnerability.io/vulnerability/CVE-2023-41288,Video Station,"An OS command injection vulnerability has been identified within QNAP's Video Station. If exploited, this vulnerability could permit unauthorized users to execute arbitrary commands through network access. The issue has been addressed in Video Station version 5.7.2, released on November 23, 2023, which includes critical security enhancements to mitigate potential exploits.",QNAP,Video Station,8.8,HIGH,0.0009899999713525176,false,false,false,false,,false,false,2024-01-05T17:15:00.000Z,0
CVE-2023-34976,https://securityvulnerability.io/vulnerability/CVE-2023-34976,Video Station,"A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.

We have already fixed the vulnerability in the following version:
Video Station 5.7.0 ( 2023/07/27 ) and later
",QNAP,Video Station,4.3,MEDIUM,0.0007399999885819852,false,false,false,false,,false,false,2023-10-13T20:15:00.000Z,0
CVE-2023-34977,https://securityvulnerability.io/vulnerability/CVE-2023-34977,Video Station,"A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.

We have already fixed the vulnerability in the following version:
Video Station 5.7.0 ( 2023/07/27 ) and later
",QNAP,Video Station,4.6,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2023-10-13T20:15:00.000Z,0
CVE-2021-44056,https://securityvulnerability.io/vulnerability/CVE-2021-44056,Improper authentication in Video Station,"An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Station 5.1.8 and later",QNAP,Video Station,7.1,HIGH,0.002520000096410513,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2021-44055,https://securityvulnerability.io/vulnerability/CVE-2021-44055,Information leakage in Video Station,"An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later",QNAP,Video Station,5.3,MEDIUM,0.0044200001284480095,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2021-28812,https://securityvulnerability.io/vulnerability/CVE-2021-28812,Command Injection Vulnerability in Video Station,"A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTScloud c4.5.4. This issue does not affect: QNAP Systems Inc. Video Station on QTS 4.3.6; on QTS 4.3.3.",QNAP,Video Station,8.8,HIGH,0.0013599999947473407,false,false,false,false,,false,false,2021-06-03T00:00:00.000Z,0
CVE-2019-7184,https://securityvulnerability.io/vulnerability/CVE-2019-7184,,"This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions.",Qnap,Qnap Nas Devices Running Video Station,4.8,MEDIUM,0.0006600000197067857,false,false,false,false,,false,false,2019-12-05T16:45:14.000Z,0
CVE-2017-13071,https://securityvulnerability.io/vulnerability/CVE-2017-13071,,"QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and earlier.",Qnap,Video Station,9.8,CRITICAL,0.004689999856054783,false,false,false,false,,false,false,2017-11-22T17:29:00.000Z,0