4 matches found
CVE-2025-29892
An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6...
CVE-2025-29892
CVE-2025-29892 concerns QNAP Qsync Central, where an SQL injection vulnerability could allow remote attackers with user access to execute unauthorized code or commands. Public details across sources confirm the issue originates from insufficient validation of externally entered SQL statements in ...
CVE-2025-22482 Qsync Central
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version:...
PT-2025-24293 · Qnap · Qsync Central
Name of the Vulnerable Software and Affected Versions: Qsync Central versions prior to 4.5.0.6 Description: A use of externally-controlled format string vulnerability has been reported. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data ...