CVE-2025-9110

An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the followin...

CVE-2025-62857

A cross-site scripting XSS vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later...

CVE-2025-9110

An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the followin...

PT-2026-1102

Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.8.3332 build 20251128 QNAP versions prior to QuTS hero h5.2.8.3321 build 20251117 QNAP versions prior to QuTS hero h5.3.1.3250 build 20250912 Description A flaw exists that allows unauthorized access to sensitive...

CVE-2025-54167

A cross-site scripting XSS vulnerability has been reported to affect Notification Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following...

CVE-2025-54167

CVE-2025-54167 is a cross-site scripting (XSS) vulnerability affecting QNAP/N notification Center. The advisory bodies and connected sources confirm the issue exists in Notification Center components and versions prior to the fixed releases: 2.1.0.3443 and later, 1.9.2.3163 and later, and 3.0.0.3...

CVE-2025-54168

CVE-2025-54168 : A cross-site scripting (XSS) vulnerability affects QuLog Center. According to connected sources, exploitation requires an administrator account and could allow bypassing security controls or reading application data. The issue is fixed in QuLog Center 1.8.2.923 and later (release...

CVE-2024-12923

A cross-site scripting XSS vulnerability has been reported to affect Photo Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: Photo...

CVE-2023-20039

A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the...

QNAP Systems QTS and QuTS hero code issue vulnerability

QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems, Inc.QNAP Systems QTS is an operating system used by entry to mid-level QNAP NAS.QNAP Systems QuTS hero is an operating system. A code issue vulnerability exists in QNAP Systems QTS and QuTS her...

CVE-2021-28805

Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versio...