15 matches found
CVE-2025-66273
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...
QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability arises from command injections, whic...
CVE-2023-45042
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
PT-2026-1072
Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.2.7.3256 build 20250913 QNAP QuTS hero h5.2.7 versions prior to 5.2.7.3256 build 20250913 QNAP QuTS hero h5.3.1 versions prior to 5.3.1.3250 build 20250912 Description A NULL pointer dereference issue exists in QNA...
CVE-2025-62849
An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and...
EUVD-2025-203490
An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS...
EUVD-2019-16742
Malware in sbrugna...
EUVD-2020-22289
Malware in sbrugna...
EUVD-2020-23758
Malware in sbrugna...
EUVD-2023-37194
Malicious code in bioql PyPI...
CVE-2024-38638
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. QTS 5.2.x/QuTS hero h5.2.x are not affected. We have already fixe...
PT-2024-9217 · Qnap · Qts +1
Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.9.2954 build 20241120 QTS versions prior to 5.2.2.2950 build 20241114 QuTS hero versions prior to h5.1.9.2954 build 20241120 QuTS hero versions prior to h5.2.2.2952 build 20241116 Description: A command injection...
PT-2023-8837 · Qnap · Quts Hero +2
Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.0.1.2425 build 20230609 QTS versions prior to 5.1.0.2444 build 20230629 QTS versions prior to 4.5.4.2467 build 20230718 QuTS hero h versions prior to h5.0.1.2515 build 20230907 QuTS hero h versions prior to h5.1.0.2424...
PT-2023-8757 · Qnap · Quts Hero +2
Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.0.2444 build 20230629 QuTS hero versions prior to h5.1.0.2424 build 20230609 QuTScloud versions prior to c5.1.0.2498 Description: A path traversal vulnerability has been reported, which could allow users to read the...
CVE-2020-2498 Cross-site scripting vulnerability in QTS and QuTS hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 bui...