QNAP
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any QNAP product.
RSS Feeds for QNAP security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in QNAP products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by QNAP Sorted by Most Security Vulnerabilities since 2018
Known Exploited QNAP Vulnerabilities
The following QNAP vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| QNAP VioStor NVR OS Command Injection Vulnerability |
QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network. CVE-2023-47565 Exploit Probability: 88.1% |
December 21, 2023 |
| QNAP Photo Station Externally Controlled Reference Vulnerability |
Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign. CVE-2022-27593 Exploit Probability: 93.1% |
September 8, 2022 |
| QNAP Photo Station Path Traversal Vulnerability |
QNAP devices running Photo Station contains an external control of file name or path vulnerability allowing remote attackers to access or modify system files. CVE-2019-7195 Exploit Probability: 94.1% |
June 8, 2022 |
| QNAP Photo Station Path Traversal Vulnerability |
QNAP devices running Photo Station contains an external control of file name or path vulnerability allowing remote attackers to access or modify system files. CVE-2019-7194 Exploit Probability: 93.9% |
June 8, 2022 |
| QNAP QTS Improper Input Validation Vulnerability |
QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system. CVE-2019-7193 Exploit Probability: 25.8% |
June 8, 2022 |
| QNAP Photo Station Improper Access Control Vulnerability |
QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system. CVE-2019-7192 Exploit Probability: 94.3% |
June 8, 2022 |
| QNAP NAS File Station Cross-Site Scripting Vulnerability |
A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code. CVE-2018-19953 Exploit Probability: 31.5% |
May 24, 2022 |
| QNAP NAS File Station Command Injection Vulnerability |
A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands. CVE-2018-19949 Exploit Probability: 44.2% |
May 24, 2022 |
| QNAP NAS File Station Cross-Site Scripting Vulnerability |
A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code. CVE-2018-19943 Exploit Probability: 7.0% |
May 24, 2022 |
| QNAP Network-Attached Storage (NAS) Command Injection Vulnerability |
QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution. CVE-2020-2509 Exploit Probability: 84.0% |
April 11, 2022 |
| QNAP NAS Improper Authorization Vulnerability |
QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device. CVE-2021-28799 Exploit Probability: 91.1% |
March 31, 2022 |
Of the known exploited vulnerabilities above, 7 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 3 known exploited QNAP vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 73 vulnerabilities in QNAP. Last year, in 2025 QNAP had 86 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in QNAP in 2026 could surpass last years number.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 73 | 0.00 |
| 2025 | 86 | 8.00 |
| 2024 | 118 | 7.24 |
| 2023 | 37 | 7.11 |
| 2022 | 19 | 8.46 |
| 2021 | 31 | 8.05 |
| 2020 | 18 | 7.21 |
| 2019 | 7 | 7.94 |
| 2018 | 26 | 6.60 |
It may take a day or so for new QNAP vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent QNAP Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-59383 | Mar 20, 2026 |
Buffer Overflow in Media Streaming Add-On <500.1.1 (QNAP)A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Media Streaming Add-on 500.1.1 and later |
|
| CVE-2025-62843 | Mar 20, 2026 |
QuRouter 2.x - Improper Channel Endpoint Restriction (Physical Access)An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint. We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later |
|
| CVE-2025-62844 | Mar 20, 2026 |
QHora Weak Auth Vulnerability (QuRouter <2.6.2.007), fixed 2.6.2.007A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later |
|
| CVE-2025-62845 | Mar 20, 2026 |
Escape Sequence Issue in QRouter 2.6.3.009 (QHora) Local Admin ExploitAn improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to cause unexpected behavior. We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later |
|
| CVE-2025-62846 | Mar 20, 2026 |
SQLi in QHora PreQuRouter 2.6.2.007An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later |
|
| CVE-2026-22895 | Mar 20, 2026 |
Cross-Site Scripting (XSS) in QuFTP Service before 1.6.2A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuFTP Service 1.4.3 and later QuFTP Service 1.5.2 and later QuFTP Service 1.6.2 and later |
|
| CVE-2026-22897 | Mar 20, 2026 |
Command Injection in QuNetSwitch v<2.0.4.0415A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.4.0415 and later |
|
| CVE-2026-22898 | Mar 20, 2026 |
Missing Auth on Critical Function in QVR Pro before 2.7.4.14A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later |
Qvr Pro
|
| CVE-2026-22900 | Mar 20, 2026 |
CVE-2026-22900: QuNetSwitch 2.0.5.0906 Fixed Hard-Coded CredentialsA use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later |
|
| CVE-2026-22901 | Mar 20, 2026 |
Cmd Injection in QuNetSwitch 2.0.5.0906+ (fixed)A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later |
|
| CVE-2026-22902 | Mar 20, 2026 |
QuNetSwitch 2.0.5.0906+ Command Injection (CVE-2026-22902)A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later |
|
| CVE-2025-59388 | Mar 12, 2026 |
Hyper Data Protector < 2.3.1.455 Hard-Coded Password VulnerabilityA use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: Hyper Data Protector 2.3.1.455 and later |
|
| CVE-2024-14026 | Mar 11, 2026 |
Command Injection in QTS / QuTS OS before 5.1.9.2954 (fixed in 5.2.3.3006)A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.3.3006 build 20250108 and later |
Qts
Quts Hero
|
| CVE-2024-14025 | Mar 11, 2026 |
Video Station SQLi RCE, fixed v5.8.2 (admin local)An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later |
Video Station
|
| CVE-2024-14024 | Mar 11, 2026 |
Video Station 5.8.2 Improper Cert Validation CVE-2024-14024 (QNAP)An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later |
Video Station
|
| CVE-2024-56807 | Feb 11, 2026 |
Media Streaming add-on OBRead CVE-2024-56807 vuln before 500.1.1.6An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later |
|
| CVE-2024-56808 | Feb 11, 2026 |
Command Injection in Media Streaming Add-on <=500.1.1.5A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later |
|
| CVE-2025-30266 | Feb 11, 2026 |
Null Pointer DoS in Qsync Central <5.0.0.4A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-30269 | Feb 11, 2026 |
Ext-Cont-Format-String Vuln in Qsync Central <5.0.0.4 (CVE-2025-30269)A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-30276 | Feb 11, 2026 |
Qsync Central OOB Write Before v5.0.0.4 Remote Account ExploitAn out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-47205 | Feb 11, 2026 |
QNAP QTS <=5.2.8.3332 NULL PTR DoS VulnerabilityA NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later |
Qts
Quts Hero
|
| CVE-2025-47209 | Feb 11, 2026 |
Qsync Central NullPtr DoS (pre-5.0.0.4)A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-48722 | Feb 11, 2026 |
Qsync Central <5.0.0.4: NULL ptr deref DoS (CVE-2025-48722)A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-48723 | Feb 11, 2026 |
Qsync Central <5.0.0.4 Buffer Overflow Remote Exploit via User AccountA buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-48724 | Feb 11, 2026 |
Qsync Central Buffer Overflow 5.0.0.3A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-48725 | Feb 11, 2026 |
QNAP OS pre-5.3.2.3354 buffer overflow remote AS userA buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later |
Quts Hero
|
| CVE-2025-52868 | Feb 11, 2026 |
Qsync Central Buffer Overflow (before 5.0.0.4)A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-52869 | Feb 11, 2026 |
Buffer Overflow in Qsync Central <5.0.0.4 - Remote User Account ExploitA buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-52870 | Feb 11, 2026 |
Buffer Overflow in Qsync Central 5.0.0.3 and Earlier Enables Remote CrashA buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-53598 | Feb 11, 2026 |
Null Pointer Deref. in Qsync Central (pre-5.0.0.4) Remote DoSA NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-54146 | Feb 11, 2026 |
Qsync Central 5.0.0.4+ Fixed: NULL Pointer Deref DoS via Authenticated UserA NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-54147 | Feb 11, 2026 |
Qsync Central NULL PTR DoS Vulnerability (Qsync Central 5.0.0.3 and earlier)A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-54148 | Feb 11, 2026 |
Qsync Central 5.0.0.4 patch for NULL pointer DoS vulnerability CVE-2025-54148A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-54149 | Feb 11, 2026 |
Uncontrolled Resource Consumption in Qsync Central <5.0.0.4 DoS by Local AttackerAn uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-54150 | Feb 11, 2026 |
Uncontrolled Resource Consumption Qsync Central 5.0.0.4 DoSAn uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-54151 | Feb 11, 2026 |
Uncontrolled Resource Consumption DoS in Qsync Central <5.0.0.4An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-54152 | Feb 11, 2026 |
Out-of-Range Pointer Offset in Qsync Central 5.0.0.4 Allows Memory ReadA use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-54155 | Feb 11, 2026 |
OOM Resource Allocation in File Station 5 before 5.5.6.5018An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later |
File Station
|
| CVE-2025-54161 | Feb 11, 2026 |
Resource Allocation DoS in Synology File Station 5 (Fixed 5.5.6.5068)An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later |
File Station
|
| CVE-2025-54162 | Feb 11, 2026 |
File Station 5 Path Traversal CVE-2025-54162 (before 5.5.6.5068)A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later |
File Station
|
| CVE-2025-54163 | Feb 11, 2026 |
File Station 5 NULL Pointer Deref DoS (Admin) Fixed in 5.5.6.5166A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later |
File Station
|
| CVE-2025-54169 | Feb 11, 2026 |
Out-of-bounds Read in Synology File Station 5 before 5.5.6.5068An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later |
File Station
|
| CVE-2025-54170 | Feb 11, 2026 |
Qsync Central 5.0.0.3 OOB Read Remote ExploitAn out-of-bounds read vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-57707 | Feb 11, 2026 |
File Station 5 Static Code Injection Before 5.5.6.5166An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later |
File Station
|
| CVE-2025-57708 | Feb 11, 2026 |
Qsync Central 5.0.0.4 Fix: Unbounded Resource Allocation DoSAn allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-57709 | Feb 11, 2026 |
Qsync Central 5.0.0.3: Remote Buffer Overflow Exploitable via User AccountA buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-57710 | Feb 11, 2026 |
Res Alloc DoS Qsync Central 5.0.0.4 FixedAn allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-57711 | Feb 11, 2026 |
Resource Allocation DoS via Admin in Qsync Central 5.0.0.4An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later |
Qsync Central
|
| CVE-2025-57713 | Feb 11, 2026 |
Synology File Station 5 weak auth flaw (CVE-2025-57713) fixed in 5.5.6.5166A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later |
File Station
|
| CVE-2025-58466 | Feb 11, 2026 |
QTS 5.2.8.3332 Build DoS via Uninitialized VariableA use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later |
Qts
Quts Hero
|