Filtered by vendor Qnap
Subscribe
Total
598 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53596 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 4.9 MEDIUM |
|
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
|
|||||
| CVE-2025-52863 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 8.1 HIGH |
|
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.0.3192 build 20250716 and later
|
|||||
| CVE-2025-52864 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 8.1 HIGH |
|
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.0.3192 build 20250716 and later
|
|||||
| CVE-2025-52872 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 8.1 HIGH |
|
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.0.3192 build 20250716 and later
|
|||||
| CVE-2025-53593 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 6.5 MEDIUM |
|
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
|
|||||
| CVE-2025-53591 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 6.5 MEDIUM |
|
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
|
|||||
| CVE-2025-54164 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 4.9 MEDIUM |
|
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
|
|||||
| CVE-2025-54165 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 4.9 MEDIUM |
|
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
|
|||||
| CVE-2025-54166 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 4.9 MEDIUM |
|
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
|
|||||
| CVE-2025-47208 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 6.5 MEDIUM |
|
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
|
|||||
| CVE-2025-57705 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 4.9 MEDIUM |
|
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.32 ...
Show More |
|||||
| CVE-2025-59385 | 1 Qnap | 2 Qts, Quts Hero | 2025-12-17 | N/A | 9.8 CRITICAL |
|
An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.3297 build 20251024 and later
QuTS hero h5.3.1.3292 build 20251024 and later
|
|||||
| CVE-2025-62847 | 1 Qnap | 2 Qts, Quts Hero | 2025-12-17 | N/A | 7.5 HIGH |
|
An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.3297 build 20251024 and later
QuTS hero h5.3.1.3292 build 20251024 and later
|
|||||
| CVE-2025-62848 | 1 Qnap | 2 Qts, Quts Hero | 2025-12-17 | N/A | 7.5 HIGH |
|
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.3297 build 20251024 and later
QuTS hero h5.3.1.3292 build 20251024 and later
|
|||||
| CVE-2025-62849 | 1 Qnap | 2 Qts, Quts Hero | 2025-12-17 | N/A | 9.8 CRITICAL |
|
An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.3297 build 20251024 and later
QuTS hero h5.3.1.3292 build 20251024 and later
|
|||||
| CVE-2023-47218 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-10 | N/A | 5.8 MEDIUM |
|
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
|
|||||
| CVE-2023-34980 | 1 Qnap | 2 Qts, Quts Hero | 2025-12-10 | N/A | 5.9 MEDIUM |
|
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h4.5.4.2626 build 20231225 and later
|
|||||
| CVE-2023-51364 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-10 | N/A | 8.7 HIGH |
|
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and l ...
Show More |
|||||
| CVE-2023-51365 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-10 | N/A | 8.7 HIGH |
|
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and l ...
Show More |
|||||
| CVE-2024-32765 | 1 Qnap | 2 Qts, Quts Hero | 2025-12-10 | N/A | 4.2 MEDIUM |
|
A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20240712 and later
|
|||||
| CVE-2024-50404 | 1 Qnap | 1 Qsync Central | 2025-12-10 | N/A | 8.8 HIGH |
|
A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions:
Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later
|
|||||
| CVE-2025-52856 | 1 Qnap | 1 Qvr | 2025-12-10 | N/A | 9.8 CRITICAL |
|
An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system.
We have already fixed the vulnerability in the following version:
VioStor 5.1.6 build 20250621 and later
|
|||||
| CVE-2024-32764 | 1 Qnap | 1 Myqnapcloud Link | 2025-12-10 | N/A | 9.9 CRITICAL |
|
A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network.
We have already fixed the vulnerability in the following version:
myQNAPcloud Link 2.4.51 and later
|
|||||
| CVE-2024-32766 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-10 | N/A | 10.0 CRITICAL |
|
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
|
|||||
| CVE-2025-54154 | 1 Qnap | 1 Authenticator | 2025-12-10 | N/A | 6.8 MEDIUM |
|
An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system.
We have already fixed the vulnerability in the following version:
QNAP Authenticator 1.3.1.1227 and later
|
|||||
| CVE-2023-50358 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-10 | N/A | 5.8 MEDIUM |
|
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QTS 4.3.6.2665 build 20240131 and later
QTS 4.3.4.2675 build 20240131 and later
QTS 4.3.3.2644 build 20240131 and later
QTS 4.2.6 build 20240131 and later
QuTS h ...
Show More |
|||||
| CVE-2023-47220 | 1 Qnap | 1 Media Streaming Add-on | 2025-12-08 | N/A | 6.6 MEDIUM |
|
An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following version:
Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later
|
|||||
| CVE-2024-38647 | 1 Qnap | 1 Ai Core | 2025-12-08 | N/A | 7.5 HIGH |
|
An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following version:
QNAP AI Core 3.4.1 and later
|
|||||
| CVE-2024-48862 | 1 Qnap | 1 Qulog Center | 2025-12-08 | N/A | 9.8 CRITICAL |
|
A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.7.0.831 ( 2024/10/15 ) and later
QuLog Center 1.8.0.888 ( 2024/10/15 ) and later
|
|||||
| CVE-2022-27595 | 1 Qnap | 1 Qvpn | 2025-12-08 | N/A | 7.8 HIGH |
|
An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands.
We have already fixed the vulnerability in the following versions:
QVPN Windows 2.0.0.1316 and later
QVPN Windows 2.0.0.1310 and later
|
|||||
| CVE-2022-27600 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-08 | N/A | 6.8 MEDIUM |
|
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2277 and later
QTS 4.5.4.2280 build 20230112 and later
QuTS hero h5.0.1.2277 build 20230112 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
|
|||||
| CVE-2024-50395 | 1 Qnap | 1 Media Streaming Add-on | 2025-12-08 | N/A | 8.8 HIGH |
|
An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege.
We have already fixed the vulnerability in the following version:
Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later
|
|||||
| CVE-2024-50387 | 1 Qnap | 1 Smb Service | 2025-12-08 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code.
We have already fixed the vulnerability in the following version:
SMB Service 4.15.002 and later
SMB Service h4.15.002 and later
|
|||||
| CVE-2024-48863 | 1 Qnap | 1 License Center | 2025-12-08 | N/A | 9.8 CRITICAL |
|
A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
License Center 1.9.43 and later
|
|||||
| CVE-2025-57714 | 1 Qnap | 1 Netbak Replicator | 2025-12-08 | N/A | 7.8 HIGH |
|
An unquoted search path or element vulnerability has been reported to affect NetBak Replicator. If a local attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following version:
NetBak Replicator 4.5.15.0807 and later
|
|||||
| CVE-2025-44015 | 1 Qnap | 1 Hybriddesk Station | 2025-12-08 | N/A | 8.4 HIGH |
|
A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
HybridDesk Station 4.2.18 and later
|
|||||
| CVE-2024-53696 | 1 Qnap | 3 Qts, Qulog Center, Quts Hero | 2025-12-06 | N/A | 4.9 MEDIUM |
|
A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.7.0.829 ( 2024/10/01 ) and later
QuLog Center 1.8.0.888 ( 2024/10/15 ) and later
QTS 4.5.4.2957 build 20241119 and later
QuTS hero h4.5.4.2956 build 20241119 and later
|
|||||
| CVE-2023-32969 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-05 | N/A | 4.9 MEDIUM |
|
A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QuTScloud c5.1.5.2651 and later
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
|
|||||
| CVE-2024-21905 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-05 | N/A | 6.5 MEDIUM |
|
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
|
|||||
| CVE-2024-27124 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-05 | N/A | 7.5 HIGH |
|
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
|
|||||