Skip to main content

Qumagie

13 CVEs product

Monthly

CVE-2026-26237 HIGH PATCH This Week

Unauthorized data access and action execution in QNAP QuMagie versions prior to 2.9.0 allows remote attackers to bypass authorization checks and interact with resources they should not be permitted to reach. The flaw is classified as a missing authorization issue (CWE-862) and carries a CVSS 4.0 score of 8.7 due to its network-reachable, low-complexity nature with no privileges or user interaction required. No public exploit identified at time of analysis, but QNAP NAS appliances are historically high-value targets for opportunistic attackers.

Authentication Bypass Qumagie
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-44083 HIGH PATCH This Week

Authorization bypass in QNAP QuMagie versions prior to 2.9.1 allows remote unauthenticated attackers to manipulate user-controlled keys (IDOR-class flaw) and gain unintended privileges on the photo management application. The QNAP-issued advisory QSA-26-35 confirms the issue and ships a fix in 2.9.1; no public exploit identified at time of analysis, and the flaw is not currently listed in CISA KEV.

Authentication Bypass Qumagie
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-26236 HIGH PATCH This Week

Unauthorized data access and action execution in QNAP QuMagie versions prior to 2.9.0 allows remote attackers to bypass authorization checks over the network without authentication. The CVSS 4.0 score of 8.7 reflects high confidentiality impact with low attack complexity and no privileges required, though no public exploit identified at time of analysis and KEV listing is absent.

Authentication Bypass Qumagie
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-62857 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. [CVSS 6.1 MEDIUM]

XSS Qumagie
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58464 HIGH This Month

A relative path traversal vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Qumagie
NVD
CVSS 4.0
7.8
EPSS
0.1%
CVE-2025-52425 CRITICAL This Week

An SQL injection vulnerability has been reported to affect QuMagie. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Qumagie
NVD
CVSS 4.0
9.5
EPSS
0.2%
CVE-2024-38642 LOW Monitor

An improper certificate validation vulnerability has been reported to affect QuMagie. Rated low severity (CVSS 1.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qumagie
NVD
CVSS 4.0
1.0
EPSS
0.1%
CVE-2023-47560 HIGH This Week

An OS command injection vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qumagie
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2023-47559 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Qumagie
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-47219 LOW Monitor

A SQL injection vulnerability has been reported to affect QuMagie. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Qumagie
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2023-41285 HIGH This Week

A SQL injection vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Qumagie
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-41284 HIGH This Week

A SQL injection vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Qumagie
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-39295 HIGH This Week

An OS command injection vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qumagie
NVD
CVSS 3.1
8.8
EPSS
1.7%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Unauthorized data access and action execution in QNAP QuMagie versions prior to 2.9.0 allows remote attackers to bypass authorization checks and interact with resources they should not be permitted to reach. The flaw is classified as a missing authorization issue (CWE-862) and carries a CVSS 4.0 score of 8.7 due to its network-reachable, low-complexity nature with no privileges or user interaction required. No public exploit identified at time of analysis, but QNAP NAS appliances are historically high-value targets for opportunistic attackers.

Authentication Bypass Qumagie
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Authorization bypass in QNAP QuMagie versions prior to 2.9.1 allows remote unauthenticated attackers to manipulate user-controlled keys (IDOR-class flaw) and gain unintended privileges on the photo management application. The QNAP-issued advisory QSA-26-35 confirms the issue and ships a fix in 2.9.1; no public exploit identified at time of analysis, and the flaw is not currently listed in CISA KEV.

Authentication Bypass Qumagie
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Unauthorized data access and action execution in QNAP QuMagie versions prior to 2.9.0 allows remote attackers to bypass authorization checks over the network without authentication. The CVSS 4.0 score of 8.7 reflects high confidentiality impact with low attack complexity and no privileges required, though no public exploit identified at time of analysis and KEV listing is absent.

Authentication Bypass Qumagie
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. [CVSS 6.1 MEDIUM]

XSS Qumagie
NVD
EPSS 0% CVSS 7.8
HIGH This Month

A relative path traversal vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Qumagie
NVD
EPSS 0% CVSS 9.5
CRITICAL This Week

An SQL injection vulnerability has been reported to affect QuMagie. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Qumagie
NVD
EPSS 0% CVSS 1.0
LOW Monitor

An improper certificate validation vulnerability has been reported to affect QuMagie. Rated low severity (CVSS 1.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qumagie
NVD
EPSS 0% CVSS 7.4
HIGH This Week

An OS command injection vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qumagie
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Qumagie
NVD
EPSS 0% CVSS 3.5
LOW Monitor

A SQL injection vulnerability has been reported to affect QuMagie. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Qumagie
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A SQL injection vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Qumagie
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A SQL injection vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Qumagie
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An OS command injection vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qumagie
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy