Skip to main content

Quts Hero

170 CVEs product

Monthly

CVE-2026-24719 MEDIUM PATCH This Month

Authenticated command injection in QNAP QTS and QuTS hero NAS operating systems allows an attacker who already holds an administrator account to execute arbitrary OS commands on the appliance. The flaw carries a CVSS 4.0 score of 8.6, but the PR:H requirement substantially narrows the attacker population; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. QNAP has shipped fixed builds (QTS 5.2.9.3492 build 20260507 and QuTS hero h5.2.9.3499 build 20260514).

Qnap Command Injection Qts Quts Hero
NVD VulDB
CVSS 4.0
6.1
EPSS
0.5%
CVE-2026-24717 LOW PATCH Monitor

Path traversal in QNAP QTS and QuTS hero NAS operating systems exposes arbitrary file contents to attackers who have already obtained administrator-level access. The root cause (CWE-22) indicates insufficient sanitization of file path inputs, allowing directory escape to reach files outside intended scope. No public exploit code has been identified at time of analysis, and CISA KEV lists no active exploitation - making this a targeted post-compromise risk rather than an opportunistic mass-exploitation scenario. Vendor-released patches address all affected branches as of May 2026.

Path Traversal Qnap Qts Quts Hero
NVD VulDB
CVSS 4.0
1.2
EPSS
0.2%
CVE-2026-24716 LOW PATCH Monitor

NULL pointer dereference in QNAP QTS and QuTS hero NAS operating systems enables a remote, administrator-authenticated attacker to trigger a denial-of-service condition. Exploitation requires the attacker to first hold or acquire an administrator account on the target device, after which a crafted request can crash system services. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Denial Of Service Null Pointer Dereference Qnap Qts Quts Hero
NVD VulDB
CVSS 4.0
1.2
EPSS
0.1%
CVE-2026-22893 HIGH PATCH This Week

Authenticated command injection in QNAP QTS and QuTS hero NAS operating systems allows attackers with administrator credentials to execute arbitrary OS commands on the appliance. The flaw spans multiple QTS and QuTS hero release trains (5.2.x, 5.3.x, and 6.0.x) and has been patched by QNAP across all affected branches. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV, but the post-authentication code execution primitive is highly valuable for attackers who have already harvested admin credentials.

Qnap Command Injection Qts Quts Hero
NVD VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-66281 MEDIUM PATCH This Month

NULL pointer dereference in QNAP QTS and QuTS hero NAS operating systems allows remote unauthenticated attackers to crash a network-facing service and cause a denial-of-service condition without any authentication or user interaction. Multiple active OS branches are affected - QTS 5.2.x and QuTS hero h5.2.x through h6.0.x - across a device population that is historically internet-exposed and frequently targeted. No public exploit has been identified and this vulnerability is not listed in CISA KEV, but the zero-authentication, network-accessible attack surface makes DoS attempts trivially repeatable against unpatched devices.

Denial Of Service Null Pointer Dereference Qnap Qts Quts Hero
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-66280 MEDIUM PATCH This Month

Integer overflow (CWE-190) in QNAP QTS and QuTS hero NAS operating systems allows a remote attacker who has already obtained an administrator account to further compromise system integrity and availability. Affected versions span QTS 5.2.x and QuTS hero h5.2.x through h6.0.x; QNAP released patched builds in February and May 2026. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the mandatory prerequisite of administrator-level access materially constrains real-world exploitability.

Qnap Integer Overflow Buffer Overflow Qts Quts Hero
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-66279 HIGH PATCH This Week

Authenticated command injection in QNAP QTS and QuTS hero allows a remote attacker holding administrator credentials to execute arbitrary OS commands on the NAS appliance. The CVSS 4.0 base score of 8.6 reflects high impact across confidentiality, integrity, and availability, though exploitation requires high privileges (PR:H). No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; QNAP has released fixed builds across affected QTS and QuTS hero branches.

Qnap Command Injection Qts Quts Hero
NVD VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-66273 HIGH PATCH This Week

Authenticated command injection in QNAP QTS and QuTS hero NAS operating systems allows a remote attacker who has already obtained administrator credentials to execute arbitrary OS commands on the appliance. Reported by QNAP itself and tracked as EUVD-2025-210099, the issue affects multiple branches across QTS 5.2.x and QuTS hero 5.2.x, 5.3.x, and 6.0.x and is fixed in builds dated 2026-02-06 through 2026-05-20. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Qnap Command Injection Qts Quts Hero
NVD VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-62850 MEDIUM This Month

NULL pointer dereference in QNAP QuTS hero NAS operating system allows a remote attacker who has already obtained or possesses an administrator account to trigger a denial-of-service condition, crashing affected services. Affected branches span QuTS hero h5.2.x, h5.3.x, and h6.0.x series, with vendor-released patches available as of early-to-mid 2026. No public exploit code or CISA KEV listing has been identified at time of analysis, and the mandatory prerequisite of high-privilege authentication substantially constrains real-world impact.

Denial Of Service Null Pointer Dereference Qnap Quts Hero
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-59382 LOW Monitor

External control of assumed-immutable web parameters in QNAP NAS software enables remote unauthenticated attackers to achieve low-integrity impact by manipulating parameters the application treats as unmodifiable. The vulnerability requires active user interaction to trigger, limiting opportunistic exploitation. QNAP has released a fix per advisory QSA-26-10; no public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Qts Quts Hero Qutscloud
NVD VulDB
CVSS 4.0
1.2
EPSS
0.0%
CVE-2025-66276 CRITICAL PATCH Act Now

High-severity information disclosure flaw in QNAP QTS NAS operating system versions 5.2.0 through 5.2.7.3256 build 20250913 allows remote unauthenticated attackers to obtain sensitive data over the network with low attack complexity, per CVSS v4.0 vector AV:N/AC:L/PR:N/UI:N rating 9.2. The vendor has released a fix, and notably QuTS hero is explicitly unaffected. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Information Disclosure Qts Quts Hero
NVD VulDB
CVSS 4.0
9.2
EPSS
0.0%
CVE-2025-62858 MEDIUM PATCH This Month

Stack-based buffer overflow in QNAP QTS and QuTS hero NAS operating systems enables an authenticated administrator to corrupt stack memory or crash processes via a network-accessible attack path. Affected versions span QTS 5.2.x and multiple QuTS hero release trains (h5.2.x, h5.3.x, h6.0.x), with vendor-released patches dated February-May 2026. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the mandatory high-privilege prerequisite substantially limits realistic attack surface.

Stack Overflow Qnap Buffer Overflow Qts Quts Hero
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-41539 MEDIUM PATCH This Month

Cross-site scripting in QNAP QTS and QuTS hero operating systems allows remote attackers to bypass security mechanisms and read application data when an authenticated user interacts with attacker-supplied content. The flaw carries a CVSS 4.0 score of 8.7 driven by network reachability, low attack complexity, no required privileges, and high impact across confidentiality, integrity, and availability of the NAS management surface. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

XSS Qnap Qts Quts Hero
NVD VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2024-14026 HIGH This Week

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. [CVSS 7.8 HIGH]

Qnap Command Injection Quts Hero Qts
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-66277 CRITICAL Act Now

Symlink following vulnerability in multiple QNAP NAS operating system versions allows remote attackers to exploit link resolution for unauthorized access.

Qnap Qts Quts Hero
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-59386 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-58466 MEDIUM This Month

A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. [CVSS 4.9 MEDIUM]

Qnap Denial Of Service Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-48725 HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service Quts Hero Qts
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-47205 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-9110 HIGH This Week

An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. [CVSS 7.5 HIGH]

Qnap Quts Hero Qts
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-62852 MEDIUM This Month

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Qnap Buffer Overflow Denial Of Service Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-59380 MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.9 MEDIUM]

Qnap Path Traversal Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-48721 MEDIUM This Month

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Qnap Buffer Overflow Denial Of Service Quts Hero Qts
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-57705 MEDIUM This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1...

Qnap Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-54166 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. [CVSS 4.9 MEDIUM]

Qnap Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-54165 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. [CVSS 4.9 MEDIUM]

Qnap Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-54164 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. [CVSS 4.9 MEDIUM]

Qnap Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-53596 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-53593 MEDIUM This Month

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Qnap Buffer Overflow Denial Of Service Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53592 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-53591 MEDIUM This Month

Quts Hero versions up to h5.2.0.2737 is affected by use of externally-controlled format string (CVSS 6.5).

Qnap Quts Hero Qts
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53590 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-53589 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-53414 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-53405 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52872 HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service Quts Hero Qts
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-52864 HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service Qts Quts Hero
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-52863 HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service Qts Quts Hero
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-52431 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52430 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52426 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-47208 MEDIUM This Month

Quts Hero versions up to h5.2.0.2737 is affected by allocation of resources without limits or throttling (CVSS 6.5).

Qnap Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-44013 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-53407 MEDIUM PATCH This Month

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Qnap Information Disclosure Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53406 MEDIUM PATCH This Month

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Qnap Information Disclosure Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-52866 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52862 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52860 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52859 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52858 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52857 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52855 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52854 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52853 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52433 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52432 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later and later QuTS hero h5.2.6.3195 build 20250715 and later QuTS hero h5.3.0.3192 build 20250716 and later

Denial Of Service Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52429 MEDIUM PATCH This Month

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Qnap Information Disclosure Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-52428 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52427 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52424 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-48730 MEDIUM PATCH This Month

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Qnap Information Disclosure Quts Hero Qts
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-48729 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-48728 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-48727 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-48726 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-47214 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later and later

Denial Of Service Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-47213 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-47212 HIGH PATCH This Week

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Qnap Command Injection Qts Quts Hero
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-47211 MEDIUM PATCH This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Qnap Path Traversal Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-33032 MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Path Traversal Qts Quts Hero
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-30274 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Denial Of Service Null Pointer Dereference Qts Quts Hero
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-30273 HIGH This Month

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-30272 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Denial Of Service Null Pointer Dereference Qts Quts Hero
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-30271 MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Path Traversal Qts Quts Hero
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-30270 MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Path Traversal Qts Quts Hero
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-30268 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Denial Of Service Null Pointer Dereference Qts Quts Hero
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-30267 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Denial Of Service Null Pointer Dereference Qts Quts Hero
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-30265 LOW Monitor

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Buffer Overflow Qts Quts Hero
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-30264 HIGH This Month

A command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Quts Hero
NVD
CVSS 4.0
7.7
EPSS
0.3%
CVE-2025-29882 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Denial Of Service Null Pointer Dereference Qts Quts Hero
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-22481 HIGH PATCH This Week

Command injection vulnerability affecting QNAP NAS operating systems (QTS and QuTS hero) that allows authenticated remote attackers to execute arbitrary commands with high severity (CVSS 8.8). The vulnerability requires valid user credentials but no user interaction, making it exploitable by compromised accounts or insider threats. QNAP has released patches as of March 21, 2025, and exploitation details are limited in public disclosures at this time.

Qnap Command Injection RCE Qts Quts Hero
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-56805 MEDIUM PATCH This Month

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-53699 LOW Monitor

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap Memory Corruption Buffer Overflow Qts Quts Hero
NVD
CVSS 4.0
2.1
EPSS
0.2%
CVE-2024-53698 LOW Monitor

A double free vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap Information Disclosure Qts Quts Hero
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2024-53697 LOW Monitor

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap Memory Corruption Buffer Overflow Quts Hero Qts
NVD
CVSS 4.0
2.1
EPSS
0.2%
CVE-2024-53696 MEDIUM This Month

A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Qulog Center Qts Quts Hero
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-53693 HIGH This Week

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Code Injection Qts Quts Hero
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-53692 MEDIUM This Month

A command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Quts Hero
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-50405 MEDIUM This Month

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Code Injection Qts Quts Hero
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-38638 LOW Monitor

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap Memory Corruption Buffer Overflow Qts Quts Hero
NVD
CVSS 4.0
2.1
EPSS
0.2%
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Authenticated command injection in QNAP QTS and QuTS hero NAS operating systems allows an attacker who already holds an administrator account to execute arbitrary OS commands on the appliance. The flaw carries a CVSS 4.0 score of 8.6, but the PR:H requirement substantially narrows the attacker population; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. QNAP has shipped fixed builds (QTS 5.2.9.3492 build 20260507 and QuTS hero h5.2.9.3499 build 20260514).

Qnap Command Injection Qts +1
NVD VulDB
EPSS 0% CVSS 1.2
LOW PATCH Monitor

Path traversal in QNAP QTS and QuTS hero NAS operating systems exposes arbitrary file contents to attackers who have already obtained administrator-level access. The root cause (CWE-22) indicates insufficient sanitization of file path inputs, allowing directory escape to reach files outside intended scope. No public exploit code has been identified at time of analysis, and CISA KEV lists no active exploitation - making this a targeted post-compromise risk rather than an opportunistic mass-exploitation scenario. Vendor-released patches address all affected branches as of May 2026.

Path Traversal Qnap Qts +1
NVD VulDB
EPSS 0% CVSS 1.2
LOW PATCH Monitor

NULL pointer dereference in QNAP QTS and QuTS hero NAS operating systems enables a remote, administrator-authenticated attacker to trigger a denial-of-service condition. Exploitation requires the attacker to first hold or acquire an administrator account on the target device, after which a crafted request can crash system services. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Denial Of Service Null Pointer Dereference Qnap +2
NVD VulDB
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Authenticated command injection in QNAP QTS and QuTS hero NAS operating systems allows attackers with administrator credentials to execute arbitrary OS commands on the appliance. The flaw spans multiple QTS and QuTS hero release trains (5.2.x, 5.3.x, and 6.0.x) and has been patched by QNAP across all affected branches. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV, but the post-authentication code execution primitive is highly valuable for attackers who have already harvested admin credentials.

Qnap Command Injection Qts +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

NULL pointer dereference in QNAP QTS and QuTS hero NAS operating systems allows remote unauthenticated attackers to crash a network-facing service and cause a denial-of-service condition without any authentication or user interaction. Multiple active OS branches are affected - QTS 5.2.x and QuTS hero h5.2.x through h6.0.x - across a device population that is historically internet-exposed and frequently targeted. No public exploit has been identified and this vulnerability is not listed in CISA KEV, but the zero-authentication, network-accessible attack surface makes DoS attempts trivially repeatable against unpatched devices.

Denial Of Service Null Pointer Dereference Qnap +2
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Integer overflow (CWE-190) in QNAP QTS and QuTS hero NAS operating systems allows a remote attacker who has already obtained an administrator account to further compromise system integrity and availability. Affected versions span QTS 5.2.x and QuTS hero h5.2.x through h6.0.x; QNAP released patched builds in February and May 2026. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the mandatory prerequisite of administrator-level access materially constrains real-world exploitability.

Qnap Integer Overflow Buffer Overflow +2
NVD VulDB
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Authenticated command injection in QNAP QTS and QuTS hero allows a remote attacker holding administrator credentials to execute arbitrary OS commands on the NAS appliance. The CVSS 4.0 base score of 8.6 reflects high impact across confidentiality, integrity, and availability, though exploitation requires high privileges (PR:H). No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; QNAP has released fixed builds across affected QTS and QuTS hero branches.

Qnap Command Injection Qts +1
NVD VulDB
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Authenticated command injection in QNAP QTS and QuTS hero NAS operating systems allows a remote attacker who has already obtained administrator credentials to execute arbitrary OS commands on the appliance. Reported by QNAP itself and tracked as EUVD-2025-210099, the issue affects multiple branches across QTS 5.2.x and QuTS hero 5.2.x, 5.3.x, and 6.0.x and is fixed in builds dated 2026-02-06 through 2026-05-20. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Qnap Command Injection Qts +1
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

NULL pointer dereference in QNAP QuTS hero NAS operating system allows a remote attacker who has already obtained or possesses an administrator account to trigger a denial-of-service condition, crashing affected services. Affected branches span QuTS hero h5.2.x, h5.3.x, and h6.0.x series, with vendor-released patches available as of early-to-mid 2026. No public exploit code or CISA KEV listing has been identified at time of analysis, and the mandatory prerequisite of high-privilege authentication substantially constrains real-world impact.

Denial Of Service Null Pointer Dereference Qnap +1
NVD VulDB
EPSS 0% CVSS 1.2
LOW Monitor

External control of assumed-immutable web parameters in QNAP NAS software enables remote unauthenticated attackers to achieve low-integrity impact by manipulating parameters the application treats as unmodifiable. The vulnerability requires active user interaction to trigger, limiting opportunistic exploitation. QNAP has released a fix per advisory QSA-26-10; no public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Qts Quts Hero +1
NVD VulDB
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

High-severity information disclosure flaw in QNAP QTS NAS operating system versions 5.2.0 through 5.2.7.3256 build 20250913 allows remote unauthenticated attackers to obtain sensitive data over the network with low attack complexity, per CVSS v4.0 vector AV:N/AC:L/PR:N/UI:N rating 9.2. The vendor has released a fix, and notably QuTS hero is explicitly unaffected. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Information Disclosure Qts Quts Hero
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Stack-based buffer overflow in QNAP QTS and QuTS hero NAS operating systems enables an authenticated administrator to corrupt stack memory or crash processes via a network-accessible attack path. Affected versions span QTS 5.2.x and multiple QuTS hero release trains (h5.2.x, h5.3.x, h6.0.x), with vendor-released patches dated February-May 2026. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the mandatory high-privilege prerequisite substantially limits realistic attack surface.

Stack Overflow Qnap Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Cross-site scripting in QNAP QTS and QuTS hero operating systems allows remote attackers to bypass security mechanisms and read application data when an authenticated user interacts with attacker-supplied content. The flaw carries a CVSS 4.0 score of 8.7 driven by network reachability, low attack complexity, no required privileges, and high impact across confidentiality, integrity, and availability of the NAS management surface. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

XSS Qnap Qts +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. [CVSS 7.8 HIGH]

Qnap Command Injection Quts Hero +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Symlink following vulnerability in multiple QNAP NAS operating system versions allows remote attackers to exploit link resolution for unauthorized access.

Qnap Qts Quts Hero
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. [CVSS 4.9 MEDIUM]

Qnap Denial Of Service Qts +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. [CVSS 7.5 HIGH]

Qnap Quts Hero Qts
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Qnap Buffer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.9 MEDIUM]

Qnap Path Traversal Qts +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Qnap Buffer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1...

Qnap Quts Hero Qts
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. [CVSS 4.9 MEDIUM]

Qnap Qts Quts Hero
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. [CVSS 4.9 MEDIUM]

Qnap Quts Hero Qts
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. [CVSS 4.9 MEDIUM]

Qnap Qts Quts Hero
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Qnap Buffer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Qnap Null Pointer Dereference Qts +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Quts Hero versions up to h5.2.0.2737 is affected by use of externally-controlled format string (CVSS 6.5).

Qnap Quts Hero Qts
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Quts Hero versions up to h5.2.0.2737 is affected by allocation of resources without limits or throttling (CVSS 6.5).

Qnap Qts Quts Hero
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Qnap Null Pointer Dereference Qts +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Qnap Information Disclosure Qts +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Qnap Information Disclosure Qts +1
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later and later QuTS hero h5.2.6.3195 build 20250715 and later QuTS hero h5.3.0.3192 build 20250716 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Qnap Information Disclosure Qts +1
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Qnap Information Disclosure Quts Hero +1
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Denial Of Service Qnap Null Pointer Dereference +2
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Qnap Command Injection Qts +1
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Qnap Path Traversal Quts Hero +1
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Path Traversal Qts +1
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Denial Of Service Null Pointer Dereference +2
NVD
EPSS 0% CVSS 7.1
HIGH This Month

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Qnap +2
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Denial Of Service Null Pointer Dereference +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Path Traversal Qts +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Path Traversal Qts +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Denial Of Service Null Pointer Dereference +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Denial Of Service Null Pointer Dereference +2
NVD
EPSS 0% CVSS 2.3
LOW Monitor

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Buffer Overflow Qts +1
NVD
EPSS 0% CVSS 7.7
HIGH This Month

A command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Denial Of Service Null Pointer Dereference +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Command injection vulnerability affecting QNAP NAS operating systems (QTS and QuTS hero) that allows authenticated remote attackers to execute arbitrary commands with high severity (CVSS 8.8). The vulnerability requires valid user credentials but no user interaction, making it exploitable by compromised accounts or insider threats. QNAP has released patches as of March 21, 2025, and exploitation details are limited in public disclosures at this time.

Qnap Command Injection RCE +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later

Buffer Overflow Qnap Qts +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap Memory Corruption Buffer Overflow +2
NVD
EPSS 0% CVSS 2.1
LOW Monitor

A double free vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap Information Disclosure Qts +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap Memory Corruption Buffer Overflow +2
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Qulog Center Qts +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Code Injection Qts +1
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts +1
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Code Injection Qts +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap Memory Corruption Buffer Overflow +2
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy