VYPR

Vendor CVEs

Qnap

All CVEs

486 total · sorted by risk
  • CVE-2025-30270Aug 29, 2025
    risk 0.00cvss epss 0.00

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability…

  • CVE-2025-30268Aug 29, 2025
    risk 0.00cvss epss 0.00

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in…

  • CVE-2025-30267Aug 29, 2025
    risk 0.00cvss epss 0.00

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in…

  • CVE-2025-30265Aug 29, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following…

  • CVE-2025-30264Aug 29, 2025
    risk 0.00cvss epss 0.01

    A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following…

  • CVE-2025-30261Aug 29, 2025
    risk 0.00cvss epss 0.00

    An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type…

  • CVE-2025-29882Aug 29, 2025
    risk 0.00cvss epss 0.00

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in…

  • CVE-2025-22483Aug 29, 2025
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already…

  • CVE-2025-22482Jun 6, 2025
    risk 0.00cvss epss 0.00

    A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the…

  • CVE-2025-22481Jun 6, 2025
    risk 0.00cvss epss 0.01

    A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following…

  • CVE-2024-56805Jun 6, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the…

  • CVE-2024-13088Jun 6, 2025
    risk 0.00cvss epss 0.00

    An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QuRouter…

  • CVE-2024-13087Jun 6, 2025
    risk 0.00cvss epss 0.01

    A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the…

  • CVE-2024-53699Mar 7, 2025
    risk 0.00cvss epss 0.00

    An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the…

  • CVE-2024-53698Mar 7, 2025
    risk 0.00cvss epss 0.00

    A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory. We have already fixed the vulnerability in the following versions:…

  • CVE-2024-53697Mar 7, 2025
    risk 0.00cvss epss 0.00

    An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the…

  • CVE-2024-53696Mar 7, 2025
    risk 0.00cvss epss 0.00

    A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following…

  • CVE-2024-53693Mar 7, 2025
    risk 0.00cvss epss 0.00

    An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already…

  • CVE-2024-53692Mar 7, 2025
    risk 0.00cvss epss 0.01

    A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the…

  • CVE-2024-50405Mar 7, 2025
    risk 0.00cvss epss 0.00

    An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We…

  • CVE-2024-38638Mar 7, 2025
    risk 0.00cvss epss 0.00

    An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. QTS 5.2.x/QuTS hero h5.2.x are not affected. …

  • CVE-2022-27595Dec 19, 2024
    risk 0.00cvss epss 0.00

    An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following…

  • CVE-2022-27600Dec 19, 2024
    risk 0.00cvss epss 0.01

    An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the…

  • CVE-2023-23354Dec 19, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed…

  • CVE-2023-23356Dec 19, 2024
    risk 0.00cvss epss 0.01

    A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the…

  • CVE-2023-23357Dec 19, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data. We have…

  • CVE-2024-50403Dec 6, 2024
    risk 0.00cvss epss 0.00

    A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have…

  • CVE-2024-50402Dec 6, 2024
    risk 0.00cvss epss 0.01

    A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have…

  • CVE-2024-50393Dec 6, 2024
    risk 0.00cvss epss 0.01

    A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954…

  • CVE-2024-48868Dec 6, 2024
    risk 0.00cvss epss 0.00

    An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in…

  • CVE-2024-48867Dec 6, 2024
    risk 0.00cvss epss 0.00

    An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in…

  • CVE-2024-48866Dec 6, 2024
    risk 0.00cvss epss 0.00

    An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in…

  • CVE-2024-48865Dec 6, 2024
    risk 0.00cvss epss 0.00

    An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability…

  • CVE-2024-48859Dec 6, 2024
    risk 0.00cvss epss 0.01

    An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions:…

  • CVE-2023-52944Dec 4, 2024
    risk 0.00cvss epss 0.00

    Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors.

  • CVE-2023-52943Dec 4, 2024
    risk 0.00cvss epss 0.00

    Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors.

  • CVE-2024-32767Nov 22, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo…

  • CVE-2024-37041Nov 22, 2024
    risk 0.00cvss epss 0.01

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the…

  • CVE-2024-37042Nov 22, 2024
    risk 0.00cvss epss 0.01

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the…

  • CVE-2024-37043Nov 22, 2024
    risk 0.00cvss epss 0.01

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have…

  • CVE-2024-37044Nov 22, 2024
    risk 0.00cvss epss 0.01

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the…

  • CVE-2024-37045Nov 22, 2024
    risk 0.00cvss epss 0.01

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the…

  • CVE-2024-37046Nov 22, 2024
    risk 0.00cvss epss 0.01

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have…

  • CVE-2024-37047Nov 22, 2024
    risk 0.00cvss epss 0.01

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the…

  • CVE-2024-37048Nov 22, 2024
    risk 0.00cvss epss 0.01

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the…

  • CVE-2024-37049Nov 22, 2024
    risk 0.00cvss epss 0.01

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the…

  • CVE-2024-37050Nov 22, 2024
    risk 0.00cvss epss 0.01

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the…

  • CVE-2024-38644Nov 22, 2024
    risk 0.00cvss epss 0.02

    An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later

  • CVE-2024-38647Nov 22, 2024
    risk 0.00cvss epss 0.01

    An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP AI Core…

  • CVE-2024-48860Nov 22, 2024
    risk 0.00cvss epss 0.01

    An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.3.103 and later

Page 5 of 10