Qnap QTS and QuTS hero Allocation of Resources Without Limits or Throttling (CVE-2025-47208)

An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same...

Qnap QTS and QuTS hero Allocation of Resources Without Limits or Throttling (CVE-2025-57705)

An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessin...

Qnap QTS and QuTS hero Improper Limitation of a Pathname to a Restricted Directory (CVE-2025-59381)

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

Qnap QTS and QuTS hero Buffer Copy without Checking Size of Input (CVE-2025-48721)

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Q...

NVIDIA CUDA Toolkit OS Command Injection Vulnerability

The NVIDIA CUDA toolkit is a toolset developed by NVIDIA Corporation in the United States. It provides a development environment for creating high-performance GPU-accelerated applications. The CUDA toolkit contains a vulnerability related to operating system command injection. This vulnerability...

Qnap QTS and QuTS hero Buffer Copy without Checking Size of Input (CVE-2025-52872)

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...

Qnap QTS and QuTS hero Out-of-bounds Read (CVE-2025-54165)

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS...

Qnap QTS and QuTS hero Buffer Copy without Checking Size of Input (CVE-2025-52864)

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-44013)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following...

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-53589)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

Qnap QTS and QuTS hero Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-2025-9110)

An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the followin...

Qnap QTS and QuTS hero Stack-based Buffer Overflow (CVE-2025-53593)

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions:...

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-53596)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-52430)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

Qnap QTS and QuTS hero Improper Neutralization of Special Elements used in an SQL Command (CVE-2025-62849)

An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and...

Qnap QTS and QuTS hero Uncontrolled Resource Consumption (CVE-2022-27600)

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of- service DoS attack. We have already fixed the vulnerability in the following versions: QTS...

Qnap QTS and QuTS hero Improper Neutralization of Argument Delimiters in a Command (CVE-2025-62847)

An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS...

Qnap QTS and QuTS hero Integer Overflow or Wraparound (CVE-2024-21905)

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS...

Qnap QTS and QuTS hero Improper Neutralization of Special Elements used in an OS Command (CVE-2023-34980)

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2627...

CVE-2025-24090

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps...