Home/Product/qnap qts
Product

qnap qts

272 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-14026
all versions
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local n
7.8HIGH
 CVE-2025-66277
all versions
A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then e
9.8CRITICAL
 CVE-2025-58466
all versions
A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote atta
4.9MEDIUM
 CVE-2025-48725
all versions
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a u
8.1HIGH
 CVE-2025-47205
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-9110
all versions
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QN
7.5HIGH
 CVE-2025-62852
all versions
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an
6.5MEDIUM
 CVE-2025-59381
all versions
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an a
4.9MEDIUM
 CVE-2025-59380
all versions
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an a
4.9MEDIUM
 CVE-2025-48721
all versions
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an
6.5MEDIUM
 CVE-2025-57705
all versions
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system ve
4.9MEDIUM
 CVE-2025-54166
all versions
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains
4.9MEDIUM
 CVE-2025-54165
all versions
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains
4.9MEDIUM
 CVE-2025-54164
all versions
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains
4.9MEDIUM
 CVE-2025-53596
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-53593
all versions
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an
6.5MEDIUM
 CVE-2025-53592
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
6.5MEDIUM
 CVE-2025-53591
all versions
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If
6.5MEDIUM
 CVE-2025-53590
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-53589
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-53414
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-53405
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52872
all versions
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a u
8.1HIGH
 CVE-2025-52864
all versions
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a u
8.1HIGH
 CVE-2025-52863
all versions
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a u
8.1HIGH
 CVE-2025-52431
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52430
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52426
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-47208
all versions
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system ve
6.5MEDIUM
 CVE-2025-44013
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
6.5MEDIUM
 CVE-2025-62849
all versions
An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then e
9.8CRITICAL
 CVE-2025-62848
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers
7.5HIGH
 CVE-2025-62847
all versions
An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating sy
7.5HIGH
 CVE-2025-59385
all versions
An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote
9.8CRITICAL
 CVE-2025-53407
all versions
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If
6.5MEDIUM
 CVE-2025-53406
all versions
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If
6.5MEDIUM
 CVE-2025-52866
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52862
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52860
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52859
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52858
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52857
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52855
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52854
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52853
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52433
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52432
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52429
all versions
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If
6.5MEDIUM
 CVE-2025-52428
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52427
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-52424
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-48730
all versions
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If
6.5MEDIUM
 CVE-2025-48729
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-48728
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-48727
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-48726
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-47214
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-47213
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
4.9MEDIUM
 CVE-2025-47212
all versions
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a
7.2HIGH
 CVE-2025-47211
all versions
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an a
4.9MEDIUM
 CVE-2025-33032
all versions
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an a
4.9MEDIUM
 CVE-2025-30274
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit
6.5MEDIUM
 CVE-2025-30273
all versions
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gain
8.1HIGH
 CVE-2025-30272
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit
6.5MEDIUM
 CVE-2025-30271
all versions
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a us
6.5MEDIUM
 CVE-2025-30270
all versions
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a us
6.5MEDIUM
 CVE-2025-30268
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
6.5MEDIUM
 CVE-2025-30267
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
6.5MEDIUM
 CVE-2025-30265
all versions
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a u
6.5MEDIUM
 CVE-2025-30264
all versions
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a
8.8HIGH
 CVE-2025-29882
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
6.5MEDIUM
 CVE-2025-22481
all versions
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerabil
8.8HIGH
 CVE-2024-56805
all versions
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerabilit
5.4MEDIUM
 CVE-2024-53699
all versions
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnera
7.2HIGH
 CVE-2024-53698
all versions
A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability co
4.9MEDIUM
 CVE-2024-53697
all versions
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnera
7.2HIGH
 CVE-2024-53696
>= 4.5.1 and < 4.5.4.2957
A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could
4.9MEDIUM
 CVE-2024-53693
all versions
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating s
7.1HIGH
 CVE-2024-53692
all versions
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerabil
4.7MEDIUM
 CVE-2024-50405
all versions
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating s
5.5MEDIUM
 CVE-2024-38638
all versions
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnera
7.2HIGH
 CVE-2024-13086
>= 5.0.0 and < 5.2.0.2851
An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allo
5.3MEDIUM
 CVE-2022-27600
>= 4.5.1 and < 4.5.4.2280
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploite
6.8MEDIUM
 CVE-2024-53691
all versions
A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability
8.8HIGH
 CVE-2024-50403
all versions
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If
7.2HIGH
 CVE-2024-50402
all versions
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If
7.2HIGH
 CVE-2024-50393
all versions
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerabil
9.8CRITICAL
 CVE-2024-48868
all versions
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating s
7.5HIGH
 CVE-2024-48867
all versions
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating s
7.5HIGH
 CVE-2024-48866
all versions
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versio
5.3MEDIUM
 CVE-2024-48865
all versions
An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited,
7.5HIGH
 CVE-2024-48859
all versions
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vul
9.1CRITICAL
 CVE-2024-50401
all versions
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If
7.2HIGH
 CVE-2024-50400
all versions
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If
7.2HIGH
 CVE-2024-50399
all versions
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If
7.2HIGH
 CVE-2024-50398
all versions
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If
7.2HIGH
 CVE-2024-50397
all versions
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If
8.8HIGH
 CVE-2024-50396
all versions
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If
8.8HIGH
 CVE-2024-37050
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
6.5MEDIUM
 CVE-2024-37049
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
6.5MEDIUM
 CVE-2024-37048
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vul
4.9MEDIUM
 CVE-2024-37047
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
6.5MEDIUM
 CVE-2024-37046
all versions
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability
4.9MEDIUM
 CVE-2024-37045
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vul
4.9MEDIUM
 CVE-2024-37044
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
7.2HIGH
 CVE-2024-37043
all versions
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability
4.9MEDIUM
 CVE-2024-37042
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vul
4.9MEDIUM
 CVE-2024-37041
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
7.2HIGH
 CVE-2024-38641
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
7.8HIGH
 CVE-2024-32771
all versions
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating syst
2.6LOW
 CVE-2024-32763
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
8.8HIGH
 CVE-2024-21906
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
4.7MEDIUM
 CVE-2024-21904
all versions
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability
5.9MEDIUM
 CVE-2024-21903
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
6.6MEDIUM
 CVE-2024-21898
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
8.8HIGH
 CVE-2024-21897
all versions
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the v
8.9HIGH
 CVE-2023-51368
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vul
5.4MEDIUM
 CVE-2023-51367
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
5.4MEDIUM
 CVE-2023-51366
all versions
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability
8.7HIGH
 CVE-2023-50366
all versions
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the v
4.3MEDIUM
 CVE-2023-39300
all versions
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenti
7.2HIGH
 CVE-2023-39298
all versions
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
7.8HIGH
 CVE-2023-34979
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
6.6MEDIUM
 CVE-2023-34974
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
8.8HIGH
 CVE-2024-32765
>= 5.1.0 and < 5.1.8.2823
A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authentica
4.2MEDIUM
 CVE-2024-27130
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
7.2HIGH
 CVE-2024-27129
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
6.4MEDIUM
 CVE-2024-27128
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
6.4MEDIUM
 CVE-2024-27127
all versions
A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability
7.2HIGH
 CVE-2024-21902
all versions
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system v
6.4MEDIUM
 CVE-2024-32766
< 4.5.4.2627
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
10.0CRITICAL
 CVE-2024-27124
>= 4.5.1 and < 4.5.4.2627
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
7.5HIGH
 CVE-2024-21905
>= 5.0.0 and < 5.1.3.2578
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited,
6.5MEDIUM
 CVE-2023-51365
>= 4.5.1 and < 4.5.4.2627
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability
8.7HIGH
 CVE-2023-51364
>= 4.5.1 and < 4.5.4.2627
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability
8.7HIGH
 CVE-2023-50364
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
6.4MEDIUM
 CVE-2023-50363
all versions
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vul
7.4HIGH
 CVE-2023-50362
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
5.0MEDIUM
 CVE-2023-50361
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
5.0MEDIUM
 CVE-2024-21901
< 4.5.4.2627
A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated a
4.7MEDIUM
 CVE-2024-21900
< 5.1.3.2578
An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability cou
4.3MEDIUM
 CVE-2024-21899
< 4.5.4.2627
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vul
9.8CRITICAL
 CVE-2023-34980
>= 4.5.1 and < 4.5.4.2627
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
5.9MEDIUM
 CVE-2023-32969
>= 5.1.0 and < 5.1.4.2596
A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability c
4.9MEDIUM
 CVE-2023-50358
>= 4.2.0 and < 4.2.6
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
5.8MEDIUM
 CVE-2023-47218
>= 5.1.0 and < 5.1.5.2645
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
5.8MEDIUM
 CVE-2023-50359
all versions
An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vuln
3.4LOW
 CVE-2023-47568
all versions
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability
8.8HIGH
 CVE-2023-47567
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
4.7MEDIUM
 CVE-2023-47566
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
6.7MEDIUM
 CVE-2023-45037
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
3.8LOW
 CVE-2023-45036
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
3.8LOW
 CVE-2023-45035
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
3.8LOW
 CVE-2023-45028
all versions
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploite
5.5MEDIUM
 CVE-2023-45027
all versions
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability
5.5MEDIUM
 CVE-2023-45026
all versions
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability
5.5MEDIUM
 CVE-2023-45025
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
9.0CRITICAL
 CVE-2023-41292
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
3.8LOW
 CVE-2023-41283
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
5.5MEDIUM
 CVE-2023-41282
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
5.5MEDIUM
 CVE-2023-41281
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
5.5MEDIUM
 CVE-2023-41280
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
5.5MEDIUM
 CVE-2023-41279
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
5.5MEDIUM
 CVE-2023-41278
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
5.5MEDIUM
 CVE-2023-41277
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
5.5MEDIUM
 CVE-2023-41276
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
5.5MEDIUM
 CVE-2023-41275
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
5.5MEDIUM
 CVE-2023-41274
all versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vul
5.5MEDIUM
 CVE-2023-41273
all versions
A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the v
5.5MEDIUM
 CVE-2023-39303
all versions
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vul
5.3MEDIUM
 CVE-2023-39302
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
6.6MEDIUM
 CVE-2023-39297
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
8.8HIGH
 CVE-2023-32967
all versions
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vul
5.0MEDIUM
 CVE-2023-45044
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
3.8LOW
 CVE-2023-45043
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
3.8LOW
 CVE-2023-45042
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
3.8LOW
 CVE-2023-45041
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
3.8LOW
 CVE-2023-45040
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
3.8LOW
 CVE-2023-45039
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
3.8LOW
 CVE-2023-39296
all versions
A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerab
7.5HIGH
 CVE-2023-39294
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
6.6MEDIUM
 CVE-2023-32975
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
4.9MEDIUM
 CVE-2023-32968
all versions
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
4.5MEDIUM
 CVE-2023-23372
all versions
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the v
6.5MEDIUM
 CVE-2023-23367
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
4.7MEDIUM
 CVE-2023-39301
< 5.1.1.2491
A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploite
4.3MEDIUM
 CVE-2023-23369
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
9.0CRITICAL
 CVE-2023-23368
all versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulner
9.8CRITICAL
 CVE-2023-32974
>= 5.1.0 and < 5.1.0.2444
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability
7.5HIGH
 CVE-2023-32973
>= 4.5.1 and < 4.5.4.2467
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
3.8LOW
 CVE-2023-32970
>= 4.5.1 and < 4.5.4.2467
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vul
4.9MEDIUM
 CVE-2023-32972
>= 4.5.0 and < 4.5.4.2467
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
3.8LOW
 CVE-2023-32971
>= 4.5.0 and < 4.5.4.2467
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If
3.8LOW
 CVE-2023-23363
>= 4.3.3 and < 4.3.3.2420
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vu
8.1HIGH
 CVE-2023-23362
>= 4.5.4 and < 4.5.4.2374
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows r
8.8HIGH
 CVE-2023-34973
>= 5.0.1 and < 5.0.1.2425
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly
3.1LOW
 CVE-2023-34972
>= 5.0.1 and < 5.0.1.2425
A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited,
3.5LOW
 CVE-2023-34971
>= 4.5.4 and < 4.5.4.2467
An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerabilit
7.1HIGH
 CVE-2022-27598
< 5.0.1.2346
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remo
2.7LOW
 CVE-2022-27597
< 5.0.1.2346
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remo
2.7LOW
 CVE-2023-23355
< 5.0.1.2346
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly
6.6MEDIUM
 CVE-2022-27596
>= 5.0.1 and < 5.0.1.2234
A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote att
9.8CRITICAL
 CVE-2021-44054
>= 4.3.3.0174 and < 4.3.3.1945
An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vu
4.3MEDIUM
 CVE-2021-44053
>= 4.3.3.0174 and < 4.3.3.1945
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploi
5.7MEDIUM
 CVE-2021-44052
>= 4.3.3.0174 and < 4.3.3.1945
An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running Qu
6.5MEDIUM
 CVE-2021-44051
>= 4.3.3.0174 and < 4.3.3.1945
A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vu
8.8HIGH
 CVE-2021-38693
< 4.5.4.1991
A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If ex
5.3MEDIUM
 CVE-2021-38674
< 4.5.4.1787
A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerabil
4.2MEDIUM
 CVE-2021-34343
< 4.3.3.1693
A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, thi
6.0MEDIUM
 CVE-2021-28816
< 4.3.3.1693
A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, thi
7.6HIGH
 CVE-2018-19957
< 4.5.4.1715
A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTS
6.1MEDIUM
 CVE-2021-28804
<= 4.5.1.1540
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attack
9.8CRITICAL
 CVE-2021-28802
< 4.5.1.1540
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attack
9.8CRITICAL
 CVE-2020-36194
< 4.5.2.1566
An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attac
6.1MEDIUM
 CVE-2021-28800
< 4.3.3.1624
A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerab
8.1HIGH
 CVE-2021-28806
< 4.5.3.1652
A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability all
5.7MEDIUM
 CVE-2021-28798
>= 4.3.2.0144 and < 4.3.3.1624
A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnera
8.8HIGH
 CVE-2020-36195
< 4.3.3
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If e
9.8CRITICAL
 CVE-2020-2509
< 4.2.6
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers
9.8CRITICAL
 CVE-2018-19942
< 4.2.6
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulner
6.1MEDIUM
 CVE-2020-2508
< 4.5.1.1456
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers
7.2HIGH
 CVE-2018-19945
>= 4.3.4 and < 4.3.4.0899
A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a p
9.1CRITICAL
 CVE-2018-19944
< 4.4.3.1354
A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, thi
7.5HIGH
 CVE-2018-19941
< 4.5.1.1456
A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive info
7.5HIGH
 CVE-2020-25847
< 4.5.1.1495
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have alread
8.8HIGH
 CVE-2020-2498
< 4.4.3.1354
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configu
6.1MEDIUM
 CVE-2020-2497
< 4.5.1.1456
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection L
6.1MEDIUM
 CVE-2020-2496
< 4.5.1.1456
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP
6.1MEDIUM
 CVE-2020-2495
< 4.5.1.1456
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP
6.1MEDIUM
 CVE-2019-7198
< 4.4.3.1354
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have alread
9.8CRITICAL
 CVE-2020-2492
< 4.4.3.1421
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects:
7.2HIGH
 CVE-2020-2490
< 4.4.3.1421
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects:
7.2HIGH
 CVE-2018-19953
< 4.2.6
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixe
6.1MEDIUM
 CVE-2018-19949
< 4.2.6
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed
9.8CRITICAL
 CVE-2018-19943
< 4.2.6
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixe
8.0HIGH
 CVE-2019-7193
all versions
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerabil
9.8CRITICAL
 CVE-2019-7183
all versions
This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recomm
9.8CRITICAL
 CVE-2019-7197
all versions
A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnera
4.8MEDIUM
 CVE-2018-0730
all versions
This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulne
9.8CRITICAL
 CVE-2018-0716
all versions
Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QT
6.1MEDIUM
 CVE-2018-14749
all versions
Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 201
9.8CRITICAL
 CVE-2018-14748
all versions
Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 bu
7.5HIGH
 CVE-2018-14747
all versions
NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6
7.5HIGH
 CVE-2018-14746
all versions
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 2
9.8CRITICAL
 CVE-2018-0721
all versions
Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QT
7.7HIGH
 CVE-2018-0719
all versions
Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue
5.5MEDIUM
 CVE-2018-0712
<= 4.3.4
Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 2018041
9.8CRITICAL
 CVE-2017-13072
all versions
Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build
6.1MEDIUM
 CVE-2018-0711
all versions
Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions co
6.1MEDIUM
 CVE-2017-7632
all versions
Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier al
6.1MEDIUM
 CVE-2017-7631
all versions
Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build
6.1MEDIUM
 CVE-2017-7630
all versions
QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive inform
5.3MEDIUM
 CVE-2017-17033
<= 4.3.3.0378
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.03
9.8CRITICAL
 CVE-2017-17032
<= 4.3.3.0378
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.03
9.8CRITICAL
 CVE-2017-17031
<= 4.3.3.0378
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.03
9.8CRITICAL
 CVE-2017-17030
<= 4.3.3.0378
A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387
9.8CRITICAL
 CVE-2017-17029
<= 4.3.3.0378
A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387
9.8CRITICAL
 CVE-2017-17028
<= 4.3.3.0378
A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4
9.8CRITICAL
 CVE-2017-17027
<= 4.3.3.0378
A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Be
9.8CRITICAL
 CVE-2017-10700
all versions
In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands a
9.8CRITICAL
 CVE-2017-13067
>= 4.2.0 and <= 4.2.6
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20
9.8CRITICAL
 CVE-2017-7876
<= 4.2.6
This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have a
10.0CRITICAL
 CVE-2017-7629
<= 4.2.6
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
7.5HIGH
 CVE-2017-6361
<= 4.2.4
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
9.8CRITICAL
 CVE-2017-6360
<= 4.2.4
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspec
9.8CRITICAL
 CVE-2017-6359
<= 4.2.4
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecif
9.8CRITICAL
 CVE-2017-5227
<= 4.2.4
QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading d
7.5HIGH
 CVE-2015-5664
<= 4.1.4
Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web
6.1MEDIUM
 CVE-2015-6003
<= 4.1.4
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled,
 CVE-2014-7169
< 4.1.1
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environme
9.8CRITICAL
 CVE-2014-6271
< 4.1.1
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows re
9.8CRITICAL
 CVE-2013-7174
<= 4.0.3
Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files v
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin