ByteOS Network

qinming99

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-2957

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-Not Assigned

Published-22 Feb, 2026 | 23:02

Updated-22 Feb, 2026 | 23:15

qinming99 dst-admin File BackupController.java deleteBackup denial of service

A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-qinming99

Product-dst-admin

CWE ID-CWE-404

Improper Resource Shutdown or Release

CVE-2026-2956

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-Not Assigned

Published-22 Feb, 2026 | 22:02

Updated-22 Feb, 2026 | 22:15

qinming99 dst-admin restore revertBackup command injection

A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-qinming99

Product-dst-admin

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')