| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later |
| A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.3 ( 2024/07/12 ) and later |
| A path traversal vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.2 ( 2023/12/15 ) and later
|
| An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands.
We have already fixed the vulnerability in the following version:
Qsync Central 4.5.0.6 ( 2025/03/20 ) and later |
| A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following version:
Qsync Central 4.5.0.6 ( 2025/03/20 ) and later |
| A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions.
We have already fixed the vulnerability in the following version:
Notes Station 3 3.9.7 and later |
| An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands.
We have already fixed the vulnerability in the following version:
Notes Station 3 3.9.7 and later |
| A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data.
We have already fixed the vulnerability in the following version:
Notes Station 3 3.9.7 and later |
| An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resource.
We have already fixed the vulnerability in the following version:
Notes Station 3 3.9.7 and later |
| A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.3 ( 2024/07/12 ) and later |
| A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.3 ( 2024/07/12 ) and later |
| A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.3 ( 2024/07/12 ) and later |
| An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later |
| A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later |
| An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later |
| An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
Qsync Central 4.5.0.7 ( 2025/04/23 ) and later |
| An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following version:
Qsync Central 4.5.0.7 ( 2025/04/23 ) and later |
| An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following version:
Qsync Central 4.5.0.7 ( 2025/04/23 ) and later |
| An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.4907 and later |
| A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.4907 and later |
