Skip to main content

License Center

6 CVEs product

Monthly

CVE-2025-62851 MEDIUM PATCH This Month

Path traversal in QNAP License Center (versions 1.9.0 through 1.9.55) permits a high-privileged attacker with an administrator account to read arbitrary files or system data outside the intended directory scope. The CVSS 4.0 vector (AV:N/PR:H) indicates network-reachable exploitation contingent on first obtaining administrative credentials. No public exploit code or active exploitation has been identified at time of analysis; a vendor-released patch is available in version 1.9.56.

Path Traversal License Center
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-53597 MEDIUM This Month

A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Buffer Overflow Denial Of Service License Center
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52871 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure License Center
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-22483 HIGH This Month

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap XSS License Center
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-50406 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: License Center 1.9.49 and later

XSS License Center
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-48863 HIGH This Week

A command injection vulnerability has been reported to affect License Center. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection License Center
NVD
CVSS 4.0
7.7
EPSS
1.0%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Path traversal in QNAP License Center (versions 1.9.0 through 1.9.55) permits a high-privileged attacker with an administrator account to read arbitrary files or system data outside the intended directory scope. The CVSS 4.0 vector (AV:N/PR:H) indicates network-reachable exploitation contingent on first obtaining administrative credentials. No public exploit code or active exploitation has been identified at time of analysis; a vendor-released patch is available in version 1.9.56.

Path Traversal License Center
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Buffer Overflow Denial Of Service License Center
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure License Center
NVD
EPSS 0% CVSS 7.1
HIGH This Month

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap XSS License Center
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: License Center 1.9.49 and later

XSS License Center
NVD
EPSS 1% CVSS 7.7
HIGH This Week

A command injection vulnerability has been reported to affect License Center. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection License Center
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy