Filtered by vendor Qnap
Subscribe
Total
635 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-26239 | 1 Qnap | 1 File Station | 2026-06-12 | N/A | 8.1 HIGH |
| A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later | |||||
| CVE-2026-26240 | 1 Qnap | 1 File Station | 2026-06-12 | N/A | 9.1 CRITICAL |
| A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later | |||||
| CVE-2026-26241 | 1 Qnap | 1 File Station | 2026-06-12 | N/A | 9.1 CRITICAL |
| A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later | |||||
| CVE-2026-22895 | 1 Qnap | 1 Quftp | 2026-06-09 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuFTP Service 1.4.3 and later QuFTP Service 1.5.2 and later QuFTP Service 1.6.2 and later | |||||
| CVE-2026-22898 | 1 Qnap | 1 Qvr Pro | 2026-04-14 | N/A | 9.8 CRITICAL |
| A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later | |||||
| CVE-2025-62845 | 1 Qnap | 1 Qurouter | 2026-04-14 | N/A | 6.7 MEDIUM |
| An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to cause unexpected behavior. We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later | |||||
| CVE-2025-62844 | 1 Qnap | 1 Qurouter | 2026-04-14 | N/A | 5.5 MEDIUM |
| A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later | |||||
| CVE-2025-62843 | 1 Qnap | 1 Qurouter | 2026-04-14 | N/A | 6.8 MEDIUM |
| An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint. We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later | |||||
| CVE-2025-62846 | 1 Qnap | 1 Qurouter | 2026-04-14 | N/A | 6.7 MEDIUM |
| An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later | |||||
| CVE-2025-59383 | 1 Qnap | 1 Media Streaming Add-on | 2026-04-14 | N/A | 9.1 CRITICAL |
| A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Media Streaming Add-on 500.1.1 and later | |||||
| CVE-2026-22900 | 1 Qnap | 1 Qunetswitch | 2026-03-25 | N/A | 9.8 CRITICAL |
| A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later | |||||
| CVE-2026-22897 | 1 Qnap | 1 Qunetswitch | 2026-03-25 | N/A | 9.8 CRITICAL |
| A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.4.0415 and later | |||||
| CVE-2026-22901 | 1 Qnap | 1 Qunetswitch | 2026-03-25 | N/A | 9.8 CRITICAL |
| A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later | |||||
| CVE-2026-22902 | 1 Qnap | 1 Qunetswitch | 2026-03-25 | N/A | 6.7 MEDIUM |
| A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later | |||||
| CVE-2025-59388 | 1 Qnap | 1 Hyper Data Protector | 2026-03-16 | N/A | 9.8 CRITICAL |
| A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: Hyper Data Protector 2.3.1.455 and later | |||||