CVE-2026-24716 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2026-24716

CVE-2026-24716 is a NULL pointer dereference in several QNAP OS versions that enables a remote attacker with an administrator account to trigger a denial-of-service condition. Affected products include QTS 5.2.x and QuTS hero series; fixed builds are QTS 5.2.9.3492+ (20260507+), QuTS hero h5.2.9....

CVE-2026-24716 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

EUVD-2026-35973

A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Station 5...

CVE-2026-22899 File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Station 5...

CVE-2025-66281 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build...

CVE-2025-66281 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build...

CVE-2025-66281

CVE-2025-66281 describes a NULL pointer dereference vulnerability affecting several QNAP operating system versions. According to the sources, remote attackers could exploit this to cause a denial-of-service (DoS). QNAP has issued fixes in multiple releases: QTS 5.2.9.3410 build 20260214 and later...

CVE-2025-55659

A NULL pointer dereference in the cttsboxwrite function isomedia/boxcodebase.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55651

A NULL pointer dereference in the gfisomgetuserdatacount function isomedia/isomread.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55657

A NULL pointer dereference in the gfodfvvccfgwritebs function odf/descriptors.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-62850 QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2026-45541

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esphttpserver component. While parsing the client-supplied Sec-WebSocket-Protocol request...

CVE-2026-45541

The CVE describes a NULL-pointer dereference in the WebSocket subprotocol-negotiation path of the esp_http_server component in ESF-IDF. During the WebSocket handshake, parsing the clientS WebSocket Protocol header may dereference a NULL tokenisation result, causing a crash before any application...

CVE-2026-45541 ESF-IDF: Remote Null Pointer Dereference in WebSocket Server

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esphttpserver component. While parsing the client-supplied Sec-WebSocket-Protocol request...

PT-2026-48572

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-50 ImageMagick versions prior to 7.1.2-25 Description A null pointer dereference occurs when incorrect arguments are passed during the distort operation. A null pointer dereference is a situation where a...

PT-2026-48358

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

PT-2026-48363

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build...

PT-2026-48365

Name of the Vulnerable Software and Affected Versions File Station versions prior to 5.5.6.5208 Description A NULL pointer dereference allows a remote attacker with a user account to launch a denial-of-service DoS attack. A NULL pointer dereference occurs when a program attempts to read or write ...

QNAP quts hero 异常处理不当漏洞

QNAP Systems QuTS hero is a software with data storage and management capabilities developed by QNAP Systems, a company based in Taiwan, China. There is a code vulnerability in QNAP Systems QuTS hero, which stems from a null pointer dereferencing. This vulnerability could allow remote attackers t...