(Pwn2Own) QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the qvpndbmgr module...

(Pwn2Own) QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the roletype parameter...

CVE-2022-27595

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

CVE-2025-53594

A path traversal vulnerability has been reported to affect several product versions. If a local attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Qfinde...

CVE-2025-53594

CVE-2025-53594 is a path-traversal vulnerability affecting QNAP products. A local attacker who has a user account can exploit the issue to read contents of unexpected files or system data. The vulnerability is reported across Qfinder Pro Mac, Qsync for Mac, and QVPN Device Client for Mac, with fi...

CVE-2025-53594 Qfinder Pro, Qsync, QVPN

A path traversal vulnerability has been reported to affect several product versions. If a local attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Qfinde...

CVE-2025-53594 Qfinder Pro, Qsync, QVPN

A path traversal vulnerability has been reported to affect several product versions. If a local attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Qfinde...

PT-2026-1094

Name of the Vulnerable Software and Affected Versions Qfinder Pro Mac versions prior to 7.13.0 Qsync for Mac versions prior to 5.1.5 QVPN Device Client for Mac versions prior to 2.2.8 Description A path traversal issue exists that could allow a local attacker with a user account to read the...

EUVD-2022-32096

Malicious code in bioql PyPI...

EUVD-2023-27470

Malicious code in bioql PyPI...

EUVD-2023-27471

Malicious code in bioql PyPI...

CVE-2023-23371

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following...

CVE-2023-23370

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have...

CVE-2024-53694

The CVE-2024-53694 issue is a TOCTOU race condition affecting QNAP products: QVPN Device Client for Mac, Qsync for Mac, and Qfinder Pro Mac. The vulnerability could allow local attackers with user access to access otherwise unauthorized resources. Mitigation/fix: patches are available in QVPN Dev...

CVE-2024-53694 QVPN Device Client, Qsync, Qfinder Pro

A time-of-check time-of-use TOCTOU race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability...

CVE-2024-53694 QVPN Device Client, Qsync, Qfinder Pro

A time-of-check time-of-use TOCTOU race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability...

QVPN Device Client、QNAP Systems Qsync和QNAP Systems Qfinder Pro 安全漏洞

QNAP Systems QVPN Device Client and others are products of China-based Weilian Technology QNAP Systems.QVPN Device Client is a client software program used to manage connections to VPN servers running on QNAP devices.QNAP Systems Qfinder Pro is a utility for quickly searching and managing a NAS...

CVE-2022-27595

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

CVE-2022-27595

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

CVE-2022-27595

CVE-2022-27595 corresponds to an insecure library loading vulnerability in QNAP’s QVPN Device Client. Multiple connected sources consistently state that a local attacker who already has user access can exploit this issue to execute unauthorized code or commands on affected systems. The problem is...