QNAP Qsync Central
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in QNAP Qsync Central.
By the Year
In 2026 there have been 0 vulnerabilities in QNAP Qsync Central. Last year, in 2025 Qsync Central had 15 security vulnerabilities published. Right now, Qsync Central is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 15 | 0.00 |
| 2024 | 1 | 8.10 |
It may take a day or so for new Qsync Central vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent QNAP Qsync Central Security Vulnerabilities
Path Traversal in Qsync Central 5.0.0.3 (pre-5.0.0.3)
CVE-2025-57712
- November 07, 2025
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.3 ( 2025/08/28 ) and later
Directory traversal
SQLi Qsync Central <=5.0.0.1: remote code exec
CVE-2025-53595
- October 03, 2025
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later
SQL Injection
Uncontrolled Resource Consumption in Qsync Central 5.0.0.2 DoS Vulnerability
CVE-2025-52867
- October 03, 2025
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later
Resource Exhaustion
Qsync Central 5.0+ Null Ptr Deref DoS in 5.0.0.2
CVE-2025-47210
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later
NULL Pointer Dereference
Qsync Central OOB Write Susceptibility Before 5.0.0.1
CVE-2025-44014
- October 03, 2025
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Memory Corruption
Resource Allocation DoS in Qsync Central 5.0.0.1 before 5.0.0.2
CVE-2025-44012
- October 03, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later
Allocation of Resources Without Limits or Throttling
Qsync Central NULL Pointer DoS (fixed 5.0.0.1)
CVE-2025-44011
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
NULL Pointer Dereference
Qsync Central NULL Deref DoS (Fixed 5.0.0.1)
CVE-2025-44010
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
NULL Pointer Dereference
NULL Pointer Deref DoS in Qsync Central <5.0.0.1 (fixed 5.0.0.1)
CVE-2025-44009
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
NULL Pointer Dereference
Qsync Central NULL Pointer Dereference DoS (pre5.0.0.1)
CVE-2025-44008
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
NULL Pointer Dereference
Qsync Central 5.0.0.1+ Fixed: Resource Allocation DoS (CVE-2025-44007)
CVE-2025-44007
- October 03, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Allocation of Resources Without Limits or Throttling
Qsync Central <=5.0.0.0: Unrestricted Resource Allocation (CVE-2025-44006)
CVE-2025-44006
- October 03, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Allocation of Resources Without Limits or Throttling
Qsync Central 5.0.0.1: Resource Exhaustion Vulnerability CVE-2025-33040
CVE-2025-33040
- October 03, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Allocation of Resources Without Limits or Throttling
Qsync Central 5.0+ Resource Allocation RCE (CVE-2025-33039)
CVE-2025-33039
- October 03, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Allocation of Resources Without Limits or Throttling
Qsync Central 5.0.0.1 Path Traversal Remote File Read (CVE-2025-33034)
CVE-2025-33034
- October 03, 2025
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Directory traversal
Qsync Central QNAP incorrect ACL allows authenticated access before 4.4.0.15
CVE-2023-47564
8.1 - High
- February 02, 2024
An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 ( 2024/01/04 ) and later Qsync Central 4.3.0.11 ( 2024/01/11 ) and later
Incorrect Permission Assignment for Critical Resource
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for QNAP Qsync Central or by QNAP? Click the Watch button to subscribe.
