QNAP Qsync Central


By the Year

In 2026 there have been 28 vulnerabilities in QNAP Qsync Central. Last year, in 2025, Qsync Central had 15 security vulnerabilities published. That is, 13 more vulnerabilities have already been reported in 2026 than in all of last year.




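| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 28 | 0.00 |
| 2025 | 15 | 0.00 |
| 2024 | 1 | 8.10 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 0.00 |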

It may take a day or so for new Qsync Central vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent QNAP Qsync Central Security Vulnerabilities

Null Pointer DoS in Qsync Central <5.0.0.4
CVE-2025-30266 - February 11, 2026

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

NULL Pointer Dereference

Ext-Cont-Format-String Vuln in Qsync Central <5.0.0.4 (CVE-2025-30269)
CVE-2025-30269 - February 11, 2026

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Use of Externally-Controlled Format String

Qsync Central OOB Write Before v5.0.0.4 Remote Account Exploit
CVE-2025-30276 - February 11, 2026

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Memory Corruption

Qsync Central NullPtr DoS (pre-5.0.0.4)
CVE-2025-47209 - February 11, 2026

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

NULL Pointer Dereference

Qsync Central <5.0.0.4: NULL ptr deref DoS (CVE-2025-48722)
CVE-2025-48722 - February 11, 2026

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

NULL Pointer Dereference

Qsync Central <5.0.0.4 Buffer Overflow Remote Exploit via User Account
CVE-2025-48723 - February 11, 2026

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Classic Buffer Overflow

Qsync Central Buffer Overflow 5.0.0.3
CVE-2025-48724 - February 11, 2026

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Classic Buffer Overflow

Qsync Central Buffer Overflow (before 5.0.0.4)
CVE-2025-52868 - February 11, 2026

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Classic Buffer Overflow

Buffer Overflow in Qsync Central <5.0.0.4 - Remote User Account Exploit
CVE-2025-52869 - February 11, 2026

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Classic Buffer Overflow

Buffer Overflow in Qsync Central 5.0.0.3 and Earlier Enables Remote Crash
CVE-2025-52870 - February 11, 2026

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Classic Buffer Overflow

Null Pointer Deref. in Qsync Central (pre-5.0.0.4) Remote DoS
CVE-2025-53598 - February 11, 2026

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

NULL Pointer Dereference

Qsync Central 5.0.0.4+ Fixed: NULL Pointer Deref DoS via Authenticated User
CVE-2025-54146 - February 11, 2026

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

NULL Pointer Dereference

Qsync Central NULL PTR DoS Vulnerability (Qsync Central 5.0.0.3 and earlier)
CVE-2025-54147 - February 11, 2026

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

NULL Pointer Dereference

Qsync Central 5.0.0.4 patch for NULL pointer DoS vulnerability CVE-2025-54148
CVE-2025-54148 - February 11, 2026

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

NULL Pointer Dereference

Uncontrolled Resource Consumption in Qsync Central <5.0.0.4 DoS by Local Attacker
CVE-2025-54149 - February 11, 2026

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Resource Exhaustion

Uncontrolled Resource Consumption Qsync Central 5.0.0.4 DoS
CVE-2025-54150 - February 11, 2026

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Resource Exhaustion

Uncontrolled Resource Consumption DoS in Qsync Central <5.0.0.4
CVE-2025-54151 - February 11, 2026

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Resource Exhaustion

Out-of-Range Pointer Offset in Qsync Central 5.0.0.4 Allows Memory Read
CVE-2025-54152 - February 11, 2026

A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Untrusted pointer offset

Qsync Central 5.0.0.3 OOB Read Remote Exploit
CVE-2025-54170 - February 11, 2026

An out-of-bounds read vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Out-of-bounds Read

Qsync Central 5.0.0.4 Fix: Unbounded Resource Allocation DoS
CVE-2025-57708 - February 11, 2026

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Allocation of Resources Without Limits or Throttling

Qsync Central 5.0.0.3: Remote Buffer Overflow Exploitable via User Account
CVE-2025-57709 - February 11, 2026

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Heap-based Buffer Overflow

Res Alloc DoS Qsync Central 5.0.0.4 Fixed
CVE-2025-57710 - February 11, 2026

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Allocation of Resources Without Limits or Throttling

Resource Allocation DoS via Admin in Qsync Central 5.0.0.4
CVE-2025-57711 - February 11, 2026

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Allocation of Resources Without Limits or Throttling

Qsync Central 5.0 < 5.0.0.4 Path Traversal LFI Remote
CVE-2025-58467 - February 11, 2026

A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Relative Path Traversal

Qsync Central <5.0.0.4 Path Traversal - arbitrary file read
CVE-2025-58470 - February 11, 2026

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Directory traversal

Resource Throttling DoS in Qsync Central <5.2.0.1 via Admin Access
CVE-2025-58471 - February 11, 2026

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.2.0.1 ( 2025/12/21 ) and later

Allocation of Resources Without Limits or Throttling

Null Pointer Deref in Qsync Central <5.0.0.4 (CVE-2025-58472) DoS
CVE-2025-58472 - February 11, 2026

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

NULL Pointer Dereference

Qsync Central Path Traversal before 5.0.0.4 (fixed 20260120)
CVE-2025-68406 - February 11, 2026

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Directory traversal

Path Traversal in Qsync Central 5.0.0.3 (pre-5.0.0.3)
CVE-2025-57712 - November 07, 2025

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.3 ( 2025/08/28 ) and later

Directory traversal

SQLi Qsync Central <=5.0.0.1: remote code exec
CVE-2025-53595 - October 03, 2025

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later

SQL Injection

Uncontrolled Resource Consumption in Qsync Central 5.0.0.2 DoS Vulnerability
CVE-2025-52867 - October 03, 2025

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later

Resource Exhaustion

Qsync Central 5.0+ Null Ptr Deref DoS in 5.0.0.2
CVE-2025-47210 - October 03, 2025

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later

NULL Pointer Dereference

Qsync Central OOB Write Susceptibility Before 5.0.0.1
CVE-2025-44014 - October 03, 2025

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

Memory Corruption

Resource Allocation DoS in Qsync Central 5.0.0.1 before 5.0.0.2
CVE-2025-44012 - October 03, 2025

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later

Allocation of Resources Without Limits or Throttling

Qsync Central NULL Pointer DoS (fixed 5.0.0.1)
CVE-2025-44011 - October 03, 2025

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

NULL Pointer Dereference

Qsync Central NULL Deref DoS (Fixed 5.0.0.1)
CVE-2025-44010 - October 03, 2025

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

NULL Pointer Dereference

NULL Pointer Deref DoS in Qsync Central <5.0.0.1 (fixed 5.0.0.1)
CVE-2025-44009 - October 03, 2025

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

NULL Pointer Dereference

Qsync Central NULL Pointer Dereference DoS (pre5.0.0.1)
CVE-2025-44008 - October 03, 2025

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

NULL Pointer Dereference

Qsync Central 5.0.0.1+ Fixed: Resource Allocation DoS (CVE-2025-44007)
CVE-2025-44007 - October 03, 2025

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

Allocation of Resources Without Limits or Throttling

Qsync Central <=5.0.0.0: Unrestricted Resource Allocation (CVE-2025-44006)
CVE-2025-44006 - October 03, 2025

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

Allocation of Resources Without Limits or Throttling

Qsync Central 5.0.0.1: Resource Exhaustion Vulnerability CVE-2025-33040
CVE-2025-33040 - October 03, 2025

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

Allocation of Resources Without Limits or Throttling

Qsync Central 5.0+ Resource Allocation RCE (CVE-2025-33039)
CVE-2025-33039 - October 03, 2025

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

Allocation of Resources Without Limits or Throttling

Qsync Central 5.0.0.1 Path Traversal Remote File Read (CVE-2025-33034)
CVE-2025-33034 - October 03, 2025

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

Directory traversal

Qsync Central QNAP incorrect ACL allows authenticated access before 4.4.0.15
CVE-2023-47564 8.1 - High - February 02, 2024

An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 ( 2024/01/04 ) and later; Qsync Central 4.3.0.11 ( 2024/01/11 ) and later

Incorrect Permission Assignment for Critical Resource

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could
CVE-2018-0716 - November 30, 2018

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application.
