Qnap Security Vulnerabilities (CVEs)
Track 240 security vulnerabilities affecting Qnap products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
A SQL injection vulnerability in QuRouter allows remote attackers to execute arbitrary SQL commands. This affects all QuRouter systems running vulnera...
Dec 6, 2024This CVE describes a format string vulnerability in QNAP operating systems that allows attackers with administrator access to read sensitive data or m...
Dec 6, 2024This CVE describes a command injection vulnerability in QNAP License Center that allows remote attackers to execute arbitrary commands on affected sys...
Dec 6, 2024This vulnerability involves improper handling of URL encoding (hex encoding) in several QNAP operating system versions, which could allow remote attac...
Dec 6, 2024This CRLF injection vulnerability in QNAP operating systems allows remote attackers to inject carriage return and line feed sequences, potentially mod...
Dec 6, 2024A format string vulnerability in QNAP operating systems allows remote attackers with administrator access to read sensitive data or modify memory. Thi...
Nov 22, 2024A format string vulnerability in QNAP operating systems allows remote attackers to read sensitive memory or modify memory contents. This affects QTS a...
Nov 22, 2024This CVE describes a format string vulnerability in QNAP operating systems that allows attackers with administrator access to read sensitive data or m...
Nov 22, 2024This CVE describes an OS command injection vulnerability in QNAP QuRouter software that allows remote attackers to execute arbitrary commands on affec...
Nov 22, 2024CVE-2024-48862 is a path traversal vulnerability in QNAP's QuLog Center that allows remote attackers to access or modify files outside the intended di...
Nov 22, 2024This CVE describes a server-side request forgery (SSRF) vulnerability in QNAP Notes Station 3 that allows authenticated attackers to read application ...
Nov 22, 2024This CVE describes an information exposure vulnerability in QNAP AI Core that could allow remote attackers to access sensitive system information. The...
Nov 22, 2024This CVE describes a buffer overflow vulnerability in QNAP operating systems that allows remote attackers with administrator access to execute arbitra...
Nov 22, 2024This critical vulnerability in QNAP Notes Station 3 allows remote attackers to bypass authentication and execute privileged functions without credenti...
Nov 22, 2024This CVE describes a buffer overflow vulnerability in QNAP operating systems that allows remote attackers with administrator access to execute arbitra...
Nov 22, 2024This path traversal vulnerability in QNAP operating systems allows remote attackers with administrator access to read arbitrary files outside intended...
Nov 22, 2024This CVE describes a buffer overflow vulnerability in QNAP operating systems that allows remote attackers with administrator access to execute arbitra...
Nov 22, 2024This path traversal vulnerability in QNAP operating systems allows remote attackers with administrator access to read arbitrary files outside intended...
Nov 22, 2024A NULL pointer dereference vulnerability in QNAP operating systems could allow remote attackers with administrator access to crash the system, causing...
Nov 22, 2024This cross-site scripting (XSS) vulnerability in QNAP Photo Station allows authenticated remote attackers to inject malicious scripts into web pages. ...
Nov 22, 2024This CVE describes a cross-site scripting (XSS) vulnerability in QNAP Photo Station that allows remote attackers with user access to inject malicious ...
Nov 22, 2024This CVE describes an OS command injection vulnerability in QNAP operating systems that allows authenticated administrators to execute arbitrary comma...
Sep 6, 2024This CVE describes an OS command injection vulnerability in QNAP operating systems that allows authenticated administrators to execute arbitrary comma...
Sep 6, 2024This path traversal vulnerability in QNAP operating systems allows authenticated users to access files outside intended directories via network reques...
Sep 6, 2024A NULL pointer dereference vulnerability in QNAP operating systems could allow attackers to crash affected systems via network requests, causing denia...
Sep 6, 2024This cross-site scripting (XSS) vulnerability in QNAP operating systems allows authenticated attackers to inject malicious scripts into web applicatio...
Sep 6, 2024CVE-2023-45038 is an improper authentication vulnerability in QNAP Music Station that could allow attackers to bypass authentication mechanisms. This ...
Sep 6, 2024This CVE describes an OS command injection vulnerability in QNAP Video Station that allows authenticated users to execute arbitrary commands on the sy...
Sep 6, 2024This is a cross-site scripting (XSS) vulnerability in QNAP operating systems that allows authenticated administrators to inject malicious scripts. Att...
Sep 6, 2024This CVE describes an OS command injection vulnerability in QNAP operating systems that allows authenticated users to execute arbitrary commands via n...
Sep 6, 2024This CVE describes a missing authorization vulnerability in QNAP operating systems that allows local authenticated users to access data or perform act...
Sep 6, 2024This CVE describes a buffer overflow vulnerability in QNAP operating systems that allows authenticated attackers to execute arbitrary code remotely. I...
May 21, 2024This CVE describes a buffer overflow vulnerability in QNAP operating systems that allows attackers to execute arbitrary code remotely. It affects mult...
May 21, 2024This CVE describes an incorrect permission assignment vulnerability in QNAP operating systems that allows authenticated users to read or modify critic...
May 21, 2024This double free vulnerability in QNAP operating systems allows authenticated attackers to execute arbitrary code remotely. It affects multiple QNAP N...
May 21, 2024This CVE describes an OS command injection vulnerability in QNAP Media Streaming add-on that allows authenticated administrators to execute arbitrary ...
May 3, 2024This CVE describes an OS command injection vulnerability in multiple QNAP operating system versions that allows authenticated users to execute arbitra...
Apr 26, 2024This vulnerability in myQNAPcloud Link allows attackers to access critical functions without authentication. It affects users running vulnerable versi...
Apr 26, 2024This CVE describes an incorrect authorization vulnerability in QNAP operating systems that allows authenticated users to bypass intended access restri...
Apr 26, 2024This CVE-2023-51364 is a path traversal vulnerability in multiple QNAP operating system versions that allows authenticated users to read arbitrary fil...
Apr 26, 2024This CVE describes a path traversal vulnerability (CWE-22) in QNAP Media Streaming add-on that allows attackers to access sensitive files on the syste...
Apr 26, 2024This CVE-2024-21899 is an improper authentication vulnerability in QNAP operating systems that allows attackers to bypass authentication mechanisms an...
Mar 8, 2024This CVE describes an OS command injection vulnerability in QNAP Photo Station that allows authenticated users to execute arbitrary commands on the sy...
Feb 2, 2024This SQL injection vulnerability in QNAP operating systems allows authenticated users to execute arbitrary SQL commands via network requests. It affec...
Feb 2, 2024This CVE describes an OS command injection vulnerability in multiple QNAP operating system versions that allows authenticated users to execute arbitra...
Feb 2, 2024This CVE describes an OS command injection vulnerability in multiple QNAP operating system versions that allows authenticated users to execute arbitra...
Feb 2, 2024This CVE describes an OS command injection vulnerability in QuMagie, a photo management application from QNAP. It allows authenticated users to execut...
Jan 5, 2024A prototype pollution vulnerability in QNAP operating systems allows attackers to modify object prototypes, potentially causing system crashes via net...
Jan 5, 2024This CVE describes an OS command injection vulnerability in QNAP Video Station that allows authenticated users to execute arbitrary commands on the sy...
Jan 5, 2024An OS command injection vulnerability in legacy QNAP VioStor NVR models allows authenticated users to execute arbitrary commands on the system via net...
Dec 8, 2023Why Monitor Qnap Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 240+ known vulnerabilities affecting Qnap products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Qnap packages in under 60 seconds. No agents required - completely agentless scanning that works across Qnap deployments.
Free vulnerability database: Access detailed information about every Qnap CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Qnap CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
