Filtered by vendor Qnap
Subscribe
Total
635 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-22894 | 1 Qnap | 1 File Station | 2026-06-17 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later | |||||
| CVE-2025-9110 | 1 Qnap | 2 Qts, Quts Hero | 2026-06-17 | N/A | 7.5 HIGH |
| An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later QuTS hero h5.3.1.3250 build 20250912 and later | |||||
| CVE-2025-68406 | 1 Qnap | 1 Qsync Central | 2026-06-17 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | |||||
| CVE-2025-66278 | 1 Qnap | 1 File Station | 2026-06-17 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later | |||||
| CVE-2025-66277 | 1 Qnap | 2 Qts, Quts Hero | 2026-06-17 | N/A | 9.8 CRITICAL |
| A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build 20251216 and later QuTS hero h5.3.2.3354 build 20251225 and later QuTS hero h5.2.8.3350 build 20251216 and later | |||||
| CVE-2025-66274 | 1 Qnap | 1 Quts Hero | 2026-06-17 | N/A | 4.9 MEDIUM |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.2.3354 build 20251225 and later QuTS hero h6.0.0.3397 build 20260206 and later | |||||
| CVE-2025-62857 | 1 Qnap | 1 Qumagie | 2026-06-17 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later | |||||
| CVE-2025-62856 | 1 Qnap | 1 File Station | 2026-06-17 | N/A | 4.4 MEDIUM |
| A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later | |||||
| CVE-2025-62855 | 1 Qnap | 1 File Station | 2026-06-17 | N/A | 4.4 MEDIUM |
| A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later | |||||
| CVE-2025-62854 | 1 Qnap | 1 File Station | 2026-06-17 | N/A | 6.5 MEDIUM |
| An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later | |||||
| CVE-2025-62853 | 1 Qnap | 1 File Station | 2026-06-17 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later | |||||
| CVE-2025-62852 | 1 Qnap | 2 Qts, Quts Hero | 2026-06-17 | N/A | 6.5 MEDIUM |
| A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and later | |||||
| CVE-2025-62849 | 1 Qnap | 2 Qts, Quts Hero | 2026-06-17 | N/A | 9.8 CRITICAL |
| An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later | |||||
| CVE-2025-62848 | 1 Qnap | 2 Qts, Quts Hero | 2026-06-17 | N/A | 7.5 HIGH |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later | |||||
| CVE-2025-62847 | 1 Qnap | 2 Qts, Quts Hero | 2026-06-17 | N/A | 7.5 HIGH |
| An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later | |||||
| CVE-2025-62842 | 1 Qnap | 1 Hybrid Backup Sync | 2026-06-17 | N/A | 7.8 HIGH |
| An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 26.2.0.938 and later | |||||
| CVE-2025-62840 | 1 Qnap | 1 Hybrid Backup Sync | 2026-06-17 | N/A | 3.3 LOW |
| A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 26.2.0.938 and later | |||||
| CVE-2025-59389 | 1 Qnap | 1 Hyper Data Protector | 2026-06-17 | N/A | 9.8 CRITICAL |
| An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: Hyper Data Protector 2.2.4.1 and later | |||||
| CVE-2025-59386 | 1 Qnap | 1 Quts Hero | 2026-06-17 | N/A | 4.9 MEDIUM |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later | |||||
| CVE-2025-59385 | 1 Qnap | 2 Qts, Quts Hero | 2026-06-17 | N/A | 9.8 CRITICAL |
| An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later | |||||