Qnap Security Vulnerabilities (CVEs)
Track 240 security vulnerabilities affecting Qnap products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
A command injection vulnerability in HybridDesk Station allows attackers with local network access to execute arbitrary commands on affected systems. ...
Aug 29, 2025A path traversal vulnerability in Qsync Central allows authenticated remote attackers to read arbitrary files on the system. This affects all QNAP use...
Aug 29, 2025A path traversal vulnerability in Qsync Central allows authenticated remote attackers to read arbitrary files on the system. This affects all Qsync Ce...
Aug 29, 2025A NULL pointer dereference vulnerability in Qsync Central allows authenticated remote attackers to cause denial-of-service conditions. This affects or...
Aug 29, 2025An improper certificate validation vulnerability in Qsync Central allows attackers with user accounts to bypass certificate checks and potentially int...
Aug 29, 2025A path traversal vulnerability in QNAP operating systems allows authenticated attackers with administrator privileges to read arbitrary files. This af...
Aug 29, 2025A path traversal vulnerability in QNAP operating systems allows authenticated attackers to read arbitrary files. This affects QTS and QuTS hero users ...
Aug 29, 2025A NULL pointer dereference vulnerability in QNAP operating systems allows attackers to cause denial-of-service conditions by crashing affected systems...
Aug 29, 2025An out-of-bounds write vulnerability in QNAP operating systems allows authenticated remote attackers to modify or corrupt memory. This affects QNAP NA...
Aug 29, 2025A NULL pointer dereference vulnerability in Qsync Central allows authenticated remote attackers to cause denial-of-service by crashing the service. Th...
Aug 29, 2025This CVE describes a command injection vulnerability in QNAP operating systems that allows authenticated attackers to execute arbitrary commands on af...
Aug 29, 2025A NULL pointer dereference vulnerability in QNAP operating systems allows authenticated remote attackers to cause denial-of-service conditions. This a...
Aug 29, 2025This vulnerability in QNAP File Station 5 allows authenticated attackers to exhaust system resources through uncontrolled allocation, potentially caus...
Aug 29, 2025This vulnerability in Qsync Central allows authenticated remote attackers to perform resource exhaustion attacks by allocating resources without limit...
Aug 29, 2025An SQL injection vulnerability in Qsync Central allows authenticated remote attackers to execute arbitrary SQL commands. This could lead to unauthoriz...
Aug 29, 2025An uncontrolled resource consumption vulnerability in Qsync Central allows authenticated remote attackers to cause denial-of-service conditions. This ...
Aug 29, 2025A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated remote attackers to cause denial-of-service by crashing the servi...
Aug 29, 2025A command injection vulnerability in QuRouter 2.5.1 allows authenticated attackers with administrator privileges to execute arbitrary commands on affe...
Aug 29, 2025A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated attackers to cause denial-of-service conditions. This affects use...
Aug 29, 2025A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated attackers to cause denial-of-service conditions. This affects use...
Aug 29, 2025A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated attackers to cause denial-of-service conditions. This affects use...
Aug 29, 2025A stored cross-site scripting (XSS) vulnerability in QNAP Photo Station allows authenticated attackers to inject malicious scripts that execute in vic...
Aug 29, 2025A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated remote attackers to cause denial-of-service by crashing the servi...
Aug 26, 2025An out-of-bounds write vulnerability in QNAP File Station 5 allows authenticated attackers to modify or corrupt memory. This could lead to arbitrary c...
Aug 18, 2025A path traversal vulnerability in QNAP File Station 5 allows authenticated attackers to read arbitrary files on the system. This affects all QNAP NAS ...
Jun 6, 2025This CVE describes an improper certificate validation vulnerability in QNAP File Station 5. If an attacker obtains valid user credentials, they can ex...
Jun 6, 2025A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated attackers to cause denial-of-service by crashing the service. Thi...
Jun 6, 2025This CVE describes an improper certificate validation vulnerability in QNAP File Station 5 that allows remote attackers with user access to bypass cer...
Jun 6, 2025This CVE describes an improper certificate validation vulnerability in QNAP File Station 5. If exploited, remote attackers with user access could comp...
Jun 6, 2025This CVE describes an improper certificate validation vulnerability in QNAP File Station 5 that could allow remote attackers with user access to compr...
Jun 6, 2025An out-of-bounds read vulnerability in QNAP File Station 5 allows local attackers with administrator privileges to read sensitive memory data. This af...
Jun 6, 2025This vulnerability in QNAP File Station 5 allows authenticated attackers to exhaust system resources through uncontrolled resource allocation. Attacke...
Jun 6, 2025An improper authentication vulnerability in QNAP QHora routers allows attackers with local network access to bypass authentication mechanisms and comp...
Jun 6, 2025A buffer overflow vulnerability in QNAP operating systems could allow authenticated remote attackers to modify memory or crash processes. This affects...
Jun 6, 2025A command injection vulnerability in QNAP operating systems allows authenticated remote attackers to execute arbitrary commands on affected devices. T...
Jun 6, 2025A buffer overflow vulnerability in QNAP HBS 3 Hybrid Backup Sync allows remote attackers to modify memory or crash processes. This affects all systems...
Mar 7, 2025This CVE describes an out-of-bounds write vulnerability in QNAP operating systems that could allow remote attackers with administrator access to modif...
Mar 7, 2025A double free vulnerability in QNAP operating systems could allow remote attackers with administrator access to modify memory, potentially leading to ...
Mar 7, 2025An out-of-bounds write vulnerability in QNAP operating systems could allow remote attackers with administrator access to modify or corrupt memory. Thi...
Mar 7, 2025This CVE describes an improper certificate validation vulnerability in QNAP Helpdesk software. Attackers could exploit this to perform man-in-the-midd...
Mar 7, 2025A command injection vulnerability in QNAP operating systems allows remote attackers with administrator access to execute arbitrary commands on affecte...
Mar 7, 2025This CRLF injection vulnerability in QNAP operating systems allows attackers with user access to manipulate application data by injecting carriage ret...
Mar 7, 2025This CVE describes an information exposure vulnerability in QNAP NAS products that could allow remote attackers to access sensitive system information...
Mar 7, 2025An out-of-bounds write vulnerability in QNAP operating systems allows remote attackers with administrator access to modify or corrupt memory. This aff...
Mar 7, 2025This vulnerability in QNAP File Station 5 allows remote attackers to read or write files and directories without proper authorization. It affects all ...
Mar 7, 2025This cross-site scripting (XSS) vulnerability in QNAP's QuLog Center allows attackers with administrator access to inject malicious scripts that could...
Dec 19, 2024CVE-2022-27595 is an insecure library loading vulnerability in QVPN Device Client that allows local attackers with user access to execute arbitrary co...
Dec 19, 2024This cross-site scripting (XSS) vulnerability in QNAP's QuLog Center allows remote attackers with user access to inject malicious scripts that could b...
Dec 19, 2024This CVE describes a link following vulnerability in Qsync Central that allows remote attackers with user access to traverse the file system to uninte...
Dec 6, 2024A critical SQL injection vulnerability in QNAP SMB Service allows remote attackers to execute arbitrary SQL commands. This affects QNAP NAS devices ru...
Dec 6, 2024Why Monitor Qnap Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 240+ known vulnerabilities affecting Qnap products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Qnap packages in under 60 seconds. No agents required - completely agentless scanning that works across Qnap deployments.
Free vulnerability database: Access detailed information about every Qnap CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Qnap CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
