Every CVE whose affected-product data names Qnap Qts, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2024-32766 — CVSS 10.0 (critical): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2017-7876 — CVSS 10.0 (critical): This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already…
CVE-2019-7198 — CVSS 9.8 (critical): This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed…
CVE-2017-10700 — CVSS 9.8 (critical): In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the…
CVE-2017-13067 — CVSS 9.8 (critical): QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905…
CVE-2025-66277 — CVSS 9.8 (critical): A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit…
CVE-2017-17027 — CVSS 9.8 (critical): A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2)…
CVE-2017-17028 — CVSS 9.8 (critical): A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387…
CVE-2017-17029 — CVSS 9.8 (critical): A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2)…
CVE-2017-17030 — CVSS 9.8 (critical): A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2)…
CVE-2017-17031 — CVSS 9.8 (critical): A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta…
CVE-2017-17032 — CVSS 9.8 (critical): A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta…
CVE-2017-17033 — CVSS 9.8 (critical): A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta…
CVE-2021-28802 — CVSS 9.8 (critical): A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to…
CVE-2020-36195 — CVSS 9.8 (critical): An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited…
CVE-2019-7183 — CVSS 9.8 (critical): This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend…
CVE-2017-6359 — CVSS 9.8 (critical): QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified…
CVE-2017-6360 — CVSS 9.8 (critical): QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified…
CVE-2017-6361 — CVSS 9.8 (critical): QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
CVE-2025-66276 — CVSS 9.8 (critical): QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later
CVE-2025-62849 — CVSS 9.8 (critical): An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit…
CVE-2023-23368 — CVSS 9.8 (critical): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2024-21899 — CVSS 9.8 (critical): An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the…
CVE-2018-0712 — CVSS 9.8 (critical): Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and…
CVE-2025-59385 — CVSS 9.8 (critical): An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers…
CVE-2022-27596 — CVSS 9.8 (critical): A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to…
CVE-2018-0730 — CVSS 9.8 (critical): This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability…
CVE-2024-50393 — CVSS 9.8 (critical): A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could…
CVE-2021-28804 — CVSS 9.8 (critical): A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to…
CVE-2015-6003 — CVSS 9.3 (critical): Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows…
CVE-2018-19945 — CVSS 9.1 (critical): A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname…
CVE-2024-48859 — CVSS 9.1 (critical): An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the…
CVE-2023-23369 — CVSS 9.0 (critical): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2023-45025 — CVSS 9.0 (critical): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2024-21897 — CVSS 8.9 (high): A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the…
CVE-2021-44051 — CVSS 8.8 (high): A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this…
CVE-2023-39297 — CVSS 8.8 (high): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2023-34974 — CVSS 8.8 (high): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2025-30264 — CVSS 8.8 (high): A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user…
CVE-2025-22481 — CVSS 8.8 (high): A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could…
CVE-2024-53691 — CVSS 8.8 (high): A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could…
CVE-2024-50397 — CVSS 8.8 (high): A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2020-25847 — CVSS 8.8 (high): This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed…
CVE-2024-50396 — CVSS 8.8 (high): A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2021-28798 — CVSS 8.8 (high): A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability…
CVE-2024-32763 — CVSS 8.8 (high): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2023-23362 — CVSS 8.8 (high): An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote…
CVE-2024-21898 — CVSS 8.8 (high): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2023-47568 — CVSS 8.8 (high): A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could…
CVE-2023-51365 — CVSS 8.7 (high): A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could…
CVE-2023-51366 — CVSS 8.7 (high): A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could…
CVE-2023-51364 — CVSS 8.7 (high): A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could…
CVE-2025-52863 — CVSS 8.1 (high): A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user…
CVE-2025-48725 — CVSS 8.1 (high): A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user…
CVE-2025-30273 — CVSS 8.1 (high): An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user…
CVE-2025-52872 — CVSS 8.1 (high): A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user…
CVE-2023-23363 — CVSS 8.1 (high): A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the…
CVE-2021-28800 — CVSS 8.1 (high): A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability…
CVE-2025-52864 — CVSS 8.1 (high): A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user…
CVE-2024-38641 — CVSS 7.8 (high): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2013-7174 — CVSS 7.8 (high): Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full…
CVE-2023-39298 — CVSS 7.8 (high): A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2024-14026 — CVSS 7.8 (high): A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network…
CVE-2018-0721 — CVSS 7.7 (high): Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version…
CVE-2021-28816 — CVSS 7.6 (high): A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this…
CVE-2024-48867 — CVSS 7.5 (high): An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system…
CVE-2024-48868 — CVSS 7.5 (high): An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system…
CVE-2025-62848 — CVSS 7.5 (high): A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then…
CVE-2017-5227 — CVSS 7.5 (high): QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an…
CVE-2018-19941 — CVSS 7.5 (high): A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information…
CVE-2024-27124 — CVSS 7.5 (high): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2025-62847 — CVSS 7.5 (high): An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system…
CVE-2023-32974 — CVSS 7.5 (high): A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could…
CVE-2024-48865 — CVSS 7.5 (high): An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the…
CVE-2023-39296 — CVSS 7.5 (high): A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2025-9110 — CVSS 7.5 (high): An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP…
CVE-2018-19944 — CVSS 7.5 (high): A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this…
CVE-2023-50363 — CVSS 7.4 (high): An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the…
CVE-2024-38638 — CVSS 7.2 (high): An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2020-2490 — CVSS 7.2 (high): If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP…
CVE-2020-2492 — CVSS 7.2 (high): If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP…
CVE-2020-2508 — CVSS 7.2 (high): A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to…
CVE-2023-39300 — CVSS 7.2 (high): An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated…
CVE-2024-27127 — CVSS 7.2 (high): A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow…
CVE-2024-27130 — CVSS 7.2 (high): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-37041 — CVSS 7.2 (high): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-37044 — CVSS 7.2 (high): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-50398 — CVSS 7.2 (high): A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-50399 — CVSS 7.2 (high): A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-50400 — CVSS 7.2 (high): A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-50401 — CVSS 7.2 (high): A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-50402 — CVSS 7.2 (high): A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-50403 — CVSS 7.2 (high): A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-53697 — CVSS 7.2 (high): An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2024-53699 — CVSS 7.2 (high): An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2025-47212 — CVSS 7.2 (high): A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an…
CVE-2025-66273 — CVSS 7.2 (high): A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an…
CVE-2025-66279 — CVSS 7.2 (high): A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an…
CVE-2025-66280 — CVSS 7.2 (high): An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker…
CVE-2025-66281 — CVSS 7.2 (high): A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then…
CVE-2026-22893 — CVSS 7.2 (high): A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an…
CVE-2026-24716 — CVSS 7.2 (high): A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an…
CVE-2026-24719 — CVSS 7.2 (high): A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an…
CVE-2024-53693 — CVSS 7.1 (high): An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system…
CVE-2023-34971 — CVSS 7.1 (high): An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability…
CVE-2022-27600 — CVSS 6.8 (medium): An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the…
CVE-2023-47566 — CVSS 6.7 (medium): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2023-39294 — CVSS 6.6 (medium): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2023-34979 — CVSS 6.6 (medium): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2023-39302 — CVSS 6.6 (medium): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2024-21903 — CVSS 6.6 (medium): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2023-23355 — CVSS 6.6 (medium): An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows…
CVE-2025-52429 — CVSS 6.5 (medium): A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote…
CVE-2021-44052 — CVSS 6.5 (medium): An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud…
CVE-2025-62858 — CVSS 6.5 (medium): A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an…
CVE-2025-48730 — CVSS 6.5 (medium): A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote…
CVE-2025-62852 — CVSS 6.5 (medium): A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an…
CVE-2025-29882 — CVSS 6.5 (medium): A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a…
CVE-2026-24717 — CVSS 6.5 (medium): A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an…
CVE-2025-30267 — CVSS 6.5 (medium): A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a…
CVE-2025-30268 — CVSS 6.5 (medium): A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a…
CVE-2025-30270 — CVSS 6.5 (medium): A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user…
CVE-2023-23372 — CVSS 6.5 (medium): A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the…
CVE-2025-53593 — CVSS 6.5 (medium): A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an…
CVE-2025-53592 — CVSS 6.5 (medium): A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a…
CVE-2025-53591 — CVSS 6.5 (medium): A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote…
CVE-2024-21905 — CVSS 6.5 (medium): An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the…
CVE-2025-53407 — CVSS 6.5 (medium): A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote…
CVE-2025-30271 — CVSS 6.5 (medium): A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user…
CVE-2025-30272 — CVSS 6.5 (medium): A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the…
CVE-2025-53406 — CVSS 6.5 (medium): A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote…
CVE-2025-48721 — CVSS 6.5 (medium): A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an…
CVE-2025-30274 — CVSS 6.5 (medium): A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the…
CVE-2025-30265 — CVSS 6.5 (medium): A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user…
CVE-2025-44013 — CVSS 6.5 (medium): A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a…
CVE-2024-37047 — CVSS 6.5 (medium): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2025-47208 — CVSS 6.5 (medium): An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions…
CVE-2024-37049 — CVSS 6.5 (medium): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-37050 — CVSS 6.5 (medium): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-27129 — CVSS 6.4 (medium): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-27128 — CVSS 6.4 (medium): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-21902 — CVSS 6.4 (medium): An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions…
CVE-2023-50364 — CVSS 6.4 (medium): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2020-2495 — CVSS 6.1 (medium): If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have…
CVE-2017-7631 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727…
CVE-2017-7632 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows…
CVE-2020-2498 — CVSS 6.1 (medium): If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration…
CVE-2020-2496 — CVSS 6.1 (medium): If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have…
CVE-2015-5664 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or…
CVE-2020-2497 — CVSS 6.1 (medium): If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP…
CVE-2020-36194 — CVSS 6.1 (medium): An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to…
CVE-2018-19942 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability…
CVE-2018-19957 — CVSS 6.1 (medium): A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud…
CVE-2017-13072 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build…
CVE-2018-0711 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow…
CVE-2026-41539 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can…
CVE-2018-0716 — CVSS 6.1 (medium): Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5…
CVE-2021-34343 — CVSS 6.0 (medium): A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this…
CVE-2023-34980 — CVSS 5.9 (medium): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2024-21904 — CVSS 5.9 (medium): A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could…
CVE-2023-50358 — CVSS 5.8 (medium): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2023-47218 — CVSS 5.8 (medium): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2021-28806 — CVSS 5.7 (medium): A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows…
CVE-2021-44053 — CVSS 5.7 (medium): A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this…
CVE-2023-41273 — CVSS 5.5 (medium): A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the…
CVE-2023-41274 — CVSS 5.5 (medium): A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the…
CVE-2023-41282 — CVSS 5.5 (medium): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2023-41281 — CVSS 5.5 (medium): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2023-41283 — CVSS 5.5 (medium): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2023-45026 — CVSS 5.5 (medium): A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could…
CVE-2023-45027 — CVSS 5.5 (medium): A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could…
CVE-2018-0719 — CVSS 5.5 (medium): Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects…
CVE-2023-45028 — CVSS 5.5 (medium): An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the…
CVE-2023-41280 — CVSS 5.5 (medium): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2023-41279 — CVSS 5.5 (medium): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2023-41278 — CVSS 5.5 (medium): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2023-41277 — CVSS 5.5 (medium): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-50405 — CVSS 5.5 (medium): An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system…
CVE-2023-41276 — CVSS 5.5 (medium): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2023-41275 — CVSS 5.5 (medium): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-56805 — CVSS 5.4 (medium): A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could…
CVE-2023-51368 — CVSS 5.4 (medium): A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the…
CVE-2023-51367 — CVSS 5.4 (medium): A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2021-38693 — CVSS 5.3 (medium): A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited…
CVE-2023-39303 — CVSS 5.3 (medium): An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the…
CVE-2024-48866 — CVSS 5.3 (medium): An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2024-13086 — CVSS 5.3 (medium): An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote…