Filtered by vendor Qnap
Subscribe
Total
598 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54152 | 1 Qnap | 1 Qsync Central | 2026-02-12 | N/A | 6.5 MEDIUM |
|
A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
|
|||||
| CVE-2025-52868 | 1 Qnap | 1 Qsync Central | 2026-02-11 | N/A | 8.1 HIGH |
|
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
|
|||||
| CVE-2025-48725 | 1 Qnap | 2 Qts, Quts Hero | 2026-02-11 | N/A | 8.1 HIGH |
|
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
QuTS hero h5.3.2.3354 build 20251225 and later
|
|||||
| CVE-2025-48724 | 1 Qnap | 1 Qsync Central | 2026-02-11 | N/A | 8.1 HIGH |
|
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
|
|||||
| CVE-2025-48723 | 1 Qnap | 1 Qsync Central | 2026-02-11 | N/A | 8.1 HIGH |
|
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
|
|||||
| CVE-2025-48722 | 1 Qnap | 1 Qsync Central | 2026-02-11 | N/A | 6.5 MEDIUM |
|
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
|
|||||
| CVE-2025-47209 | 1 Qnap | 1 Qsync Central | 2026-02-11 | N/A | 6.5 MEDIUM |
|
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
|
|||||
| CVE-2025-30276 | 1 Qnap | 1 Qsync Central | 2026-02-11 | N/A | 8.8 HIGH |
|
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
|
|||||
| CVE-2025-30269 | 1 Qnap | 1 Qsync Central | 2026-02-11 | N/A | 8.1 HIGH |
|
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
|
|||||
| CVE-2025-30266 | 1 Qnap | 1 Qsync Central | 2026-02-11 | N/A | 6.5 MEDIUM |
|
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
|
|||||
| CVE-2025-62840 | 1 Qnap | 1 Hybrid Backup Sync | 2026-02-05 | N/A | 3.3 LOW |
|
A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data.
We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 26.2.0.938 and later
|
|||||
| CVE-2025-62842 | 1 Qnap | 1 Hybrid Backup Sync | 2026-02-05 | N/A | 7.8 HIGH |
|
An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories.
We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 26.2.0.938 and later
|
|||||
| CVE-2024-50388 | 1 Qnap | 1 Hybrid Backup Sync | 2026-01-30 | N/A | 9.8 CRITICAL |
|
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands.
We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 25.1.1.673 and later
|
|||||
| CVE-2024-13086 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-30 | N/A | 5.3 MEDIUM |
|
An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following version:
QTS 5.2.0.2851 build 20240808 and later
QuTS hero h5.2.0.2851 build 20240808 and later
|
|||||
| CVE-2024-50394 | 1 Qnap | 1 Helpdesk | 2026-01-22 | N/A | 8.8 HIGH |
|
An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following version:
Helpdesk 3.3.3 and later
|
|||||
| CVE-2025-11837 | 1 Qnap | 1 Malware Remover | 2026-01-22 | N/A | 9.8 CRITICAL |
|
An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism.
We have already fixed the vulnerability in the following version:
Malware Remover 6.6.8.20251023 and later
|
|||||
| CVE-2025-59384 | 1 Qnap | 1 Qfiling | 2026-01-22 | N/A | 7.5 HIGH |
|
A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
Qfiling 3.13.1 and later
|
|||||
| CVE-2025-59389 | 1 Qnap | 1 Hyper Data Protector | 2026-01-22 | N/A | 9.8 CRITICAL |
|
An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following versions:
Hyper Data Protector 2.2.4.1 and later
|
|||||
| CVE-2023-23354 | 1 Qnap | 4 Qts, Qulog Center, Quts Hero and 1 more | 2026-01-20 | N/A | 7.3 HIGH |
|
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.5.0.738 ( 2023/03/06 ) and later
QuLog Center 1.4.1.691 ( 2023/03/01 ) and later
QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
|
|||||
| CVE-2023-23357 | 1 Qnap | 4 Qts, Qulog Center, Quts Hero and 1 more | 2026-01-20 | N/A | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.5.0.738 ( 2023/03/06 ) and later
QuLog Center 1.4.1.691 ( 2023/03/01 ) and later
QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
|
|||||
| CVE-2024-53695 | 1 Qnap | 1 Hybrid Backup Sync | 2026-01-16 | N/A | 9.1 CRITICAL |
|
A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 25.1.4.952 and later
|
|||||
| CVE-2023-34976 | 1 Qnap | 1 Video Station | 2026-01-12 | N/A | 10.0 CRITICAL |
|
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.7.0 ( 2023/07/27 ) and later
|
|||||
| CVE-2023-34975 | 1 Qnap | 1 Video Station | 2026-01-12 | N/A | 6.6 MEDIUM |
|
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
QuTScloud is not affected.
We have already fixed the vulnerability in the following versions:
QuTS hero h4.5.4.2626 build 20231225 and later
QTS 4.5.4.2627 build 20231225 and later
|
|||||
| CVE-2025-48721 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-06 | N/A | 6.5 MEDIUM |
|
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
QTS 5.2.8.3332 build 20251128 and later
|
|||||
| CVE-2025-59380 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-06 | N/A | 4.9 MEDIUM |
|
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
|
|||||
| CVE-2025-59381 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-06 | N/A | 4.9 MEDIUM |
|
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
|
|||||
| CVE-2025-62852 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-06 | N/A | 6.5 MEDIUM |
|
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
QTS 5.2.8.3332 build 20251128 and later
|
|||||
| CVE-2025-9110 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-06 | N/A | 7.5 HIGH |
|
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
QuTS hero h5.3.1.3250 build 20250912 and later
|
|||||
| CVE-2025-53597 | 1 Qnap | 1 License Center | 2026-01-05 | N/A | 6.5 MEDIUM |
|
A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
License Center 2.0.36 and later
|
|||||
| CVE-2025-52871 | 1 Qnap | 1 License Center | 2026-01-05 | N/A | 6.5 MEDIUM |
|
An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data.
We have already fixed the vulnerability in the following version:
License Center 2.0.36 and later
|
|||||
| CVE-2025-62857 | 1 Qnap | 1 Qumagie | 2026-01-05 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following version:
QuMagie 2.8.1 and later
|
|||||
| CVE-2025-44013 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 6.5 MEDIUM |
|
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
|
|||||
| CVE-2025-52426 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 4.9 MEDIUM |
|
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
|
|||||
| CVE-2025-52430 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 4.9 MEDIUM |
|
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
|
|||||
| CVE-2025-52431 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 4.9 MEDIUM |
|
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
|
|||||
| CVE-2025-53405 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 4.9 MEDIUM |
|
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
|
|||||
| CVE-2025-53414 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 4.9 MEDIUM |
|
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
|
|||||
| CVE-2025-53589 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 4.9 MEDIUM |
|
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
|
|||||
| CVE-2025-53590 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 4.9 MEDIUM |
|
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
QTS 5.2.7.3256 build 20250913 and later
|
|||||
| CVE-2025-53592 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 6.5 MEDIUM |
|
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
|
|||||