qnap

613 tracked vulnerabilities.

CVE-2025-54164 MEDIUM
QNAP QTS and QuTS hero - Authenticated Out-of-bounds Read
Jan 02, 2026
CVSS 4.9
EPSS 0.00
CVE-2025-53596 MEDIUM
QNAP QTS and QuTS hero - Denial of Service via NULL Pointer Dereference
Jan 02, 2026
CVSS 4.9
EPSS 0.00
CVE-2025-53593 MEDIUM
QNAP QTS and QuTS hero - Authenticated Stack-based Buffer Overflow
Jan 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-53592 MEDIUM
QNAP QTS and QuTS hero - Denial of Service via NULL Pointer Dereference
Jan 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-53591 MEDIUM
QNAP QTS and QuTS hero - Use of Externally-Controlled Format String
Jan 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-53590 MEDIUM
QNAP QTS and QuTS hero - Denial of Service via NULL Pointer Dereference
Jan 02, 2026
CVSS 4.9
EPSS 0.00
CVE-2025-53589 MEDIUM
QNAP QTS and QuTS hero - Denial of Service via NULL Pointer Dereference
Jan 02, 2026
CVSS 4.9
EPSS 0.00
CVE-2025-53414 MEDIUM
QNAP QTS and QuTS hero - Denial of Service via NULL Pointer Dereference
Jan 02, 2026
CVSS 4.9
EPSS 0.00
CVE-2025-53405 MEDIUM
QNAP QTS and QuTS hero - Denial of Service via NULL Pointer Dereference
Jan 02, 2026
CVSS 4.9
EPSS 0.00
CVE-2025-52872 HIGH
QNAP QTS and QuTS hero - Authenticated Buffer Overflow
Jan 02, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-52864 HIGH
QNAP QTS and QuTS hero - Authenticated Buffer Overflow
Jan 02, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-52863 HIGH
QNAP QTS and QuTS hero - Authenticated Buffer Overflow
Jan 02, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-52431 MEDIUM
QNAP QTS and QuTS hero - Denial of Service via NULL Pointer Dereference
Jan 02, 2026
CVSS 4.9
EPSS 0.00
CVE-2025-52430 MEDIUM
QNAP QTS and QuTS hero - Denial of Service via NULL Pointer Dereference
Jan 02, 2026
CVSS 4.9
EPSS 0.00
CVE-2025-52426 MEDIUM
QNAP QTS and QuTS hero - Denial of Service via NULL Pointer Dereference
Jan 02, 2026
CVSS 4.9
EPSS 0.00
CVE-2025-47208 MEDIUM
QNAP QTS and QuTS hero - Authenticated Denial of Service via Resource Exhaustion
Jan 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-44013 MEDIUM
QNAP QTS and QuTS hero - Denial of Service via NULL Pointer Dereference
Jan 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-62849 CRITICAL
QNAP QTS and QuTS hero - SQL Injection
Dec 16, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-62848 HIGH
QNAP QTS 5.2.x-5.2.7.3297 and QuTS hero h5.2.x-h5.2.7.3297 - Denial of Service via NULL Pointer Dereference
Dec 16, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-62847 HIGH
QNAP <5.2.7.3297 - Command Injection
Dec 16, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-59385 CRITICAL
QNAP QTS and QuTS hero - Authentication Bypass by Spoofing
Dec 16, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-58469 HIGH
QuLog Center 1.8.0.872-1.8.2.923 - Cross-Site Request Forgery
Nov 07, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-58465 MEDIUM
Download Station <5.10.0.304-5.10.0.305 - XSS
Nov 07, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-58464 HIGH
QuMagie >= 2.7.0 < 2.7.3 - Relative Path Traversal
Nov 07, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-58463 MEDIUM
Download Station <5.10.0.304-5.10.0.305 - Path Traversal
Nov 07, 2025
CVSS 4.9
EPSS 0.00
Products
qts 272 quts_hero 223 qsync_central 62 qutscloud 62 file_station 48 photo_station 26 video_station 15 media_streaming_add-on 13 music_station 13 qurouter 12 helpdesk 11 qumagie 10 qvr 10 qulog_center 8 nas_proxy_server 7 q\'center 7 hybrid_backup_sync 6 notes_station_3 6 qvr_pro 6 license_center 5 multimedia_console 5 qunetswitch 5 qvr_elite 5 qvr_guard 5 qes 4 download_station 3 qcalagent 3 qufirewall 3 qvp-21a_firmware 3 qvp-41a_firmware 3
Quick Filters
Critical CVEs With Exploits In CISA KEV