PT-2026-24596

🚨 CVE-2024-14026 A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the...

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-53414)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2023-45042

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVE-2018-19949

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build...

CVE-2018-19943

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later Q...

CVE-2025-53592

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following...

CVE-2025-54165

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS...

PT-2026-1072

Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.2.7.3256 build 20250913 QNAP QuTS hero h5.2.7 versions prior to 5.2.7.3256 build 20250913 QNAP QuTS hero h5.3.1 versions prior to 5.3.1.3250 build 20250912 Description A NULL pointer dereference issue exists in QNA...

CVE-2025-62849

An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and...

EUVD-2025-203490

An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS...

PT-2025-46142

Name of the Vulnerable Software and Affected Versions QNAP HBS 3 Hybrid Backup Sync versions prior to 26.2.0.938 Description A flaw exists in QNAP HBS 3 Hybrid Backup Sync related to incorrect path restriction for an access-limited directory. Successful exploitation by a remote attacker could lea...

EUVD-2018-11614

Malware in sbrugna...

EUVD-2020-23758

Malware in sbrugna...

EUVD-2018-11613

Malware in sbrugna...

EUVD-2020-22290

Malware in sbrugna...

EUVD-2020-22289

Malware in sbrugna...

EUVD-2017-8197

Malware in sbrugna...

EUVD-2018-1532

Malware in sbrugna...

EUVD-2021-15472

Malware in sbrugna...

EUVD-2018-11616

Malware in sbrugna...