Qnapsystemsinc

Products by Qnapsystemsinc Sorted by Most Security Vulnerabilities since 2018

Qnapsystemsinc Qts: 26 vulnerabilities
Qnapsystemsinc Quts Hero: 26 vulnerabilities
Qnapsystemsinc Qumagie: 1 vulnerability

By the Year

In 2026 there have been 26 vulnerabilities in Qnapsystemsinc. Last year, in 2025, Qnapsystemsinc had 5 security vulnerabilities published. That is, 21 more vulnerabilities have already been reported in 2026 than in all of last year.

Year Vulnerabilities Average Score
2026 26 0.00
2025 5 9.80

It may take a day or so for new Qnapsystemsinc vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Qnapsystemsinc Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-62842 Jan 02, 2026
HBS 3 Hybrid Backup Sync F/P Control Vulnerability (fixed 26.2.0.938)
An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 26.2.0.938 and later
Hbs 3 Hybrid Backup Sync
CVE-2025-62840 Jan 02, 2026
Sensitive Data Exposure via Err Msg in HBS 3 Hybrid Backup Sync <=26.1.x
A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 26.2.0.938 and later
Hbs 3 Hybrid Backup Sync
CVE-2025-11837 Jan 02, 2026
QNAP Malware Remover 6.6.8.20251023: Improper Code Generation Vulnerability
An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover 6.6.8.20251023 and later
Malware Remover
CVE-2025-59381 Jan 02, 2026
QNAP QTS 5.2.8.3332 Path Traversal Allowing Admin File Read
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later; QuTS hero h5.2.8.3321 build 20251117 and later
Qts
Quts Hero
CVE-2025-59380 Jan 02, 2026
QTS 5.2.8.3332+ Path Traversal Enables Admin File Read
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later; QuTS hero h5.2.8.3321 build 20251117 and later
Qts
Quts Hero
CVE-2025-9110 Jan 02, 2026
QNAP QTS/QuTS Hero Info Disclosure (before 5.2.8.3332)
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later; QuTS hero h5.2.8.3321 build 20251117 and later; QuTS hero h5.3.1.3250 build 20250912 and later
Qts
Quts Hero
CVE-2025-57705 Jan 02, 2026
QNAP QTS/QuTS hero: Resource Allocation Bypass (CVE-2025-57705)
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.1.3250 build 20250912 and later
Qts
Quts Hero
CVE-2025-54166 Jan 02, 2026
QNAP OS OOB Read CVE-2025-54166 (Fixed in QTS 5.2.7.3256+ / QuTS hero 5.2.7.3256+)
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.1.3250 build 20250912 and later
Qts
Quts Hero
CVE-2025-54165 Jan 02, 2026
OOB Read in QNAP QTS <5.2.7.3256 & QuTS Hero <5.3.1.3250 Remote Data Leak
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.1.3250 build 20250912 and later
Qts
Quts Hero
CVE-2025-54164 Jan 02, 2026
Out-of-Bounds Read in QNAP QTS before 5.2.7.3256/QuTS hero before 5.3.1.3250
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.1.3250 build 20250912 and later
Qts
Quts Hero
CVE-2025-53596 Jan 02, 2026
QNAP QTS NULL Pointer DoS via Remote Admin (Fixed v5.2.7.3256+)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.1.3250 build 20250912 and later
Qts
Quts Hero
CVE-2025-53593 Jan 02, 2026
QNAP QTS/QuTS hero Buffer Overflow Fixed in 5.2.7.3256
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.1.3250 build 20250912 and later
Qts
Quts Hero
CVE-2025-53592 Jan 02, 2026
QNAP QTS/QuTS Hero NULL_PTR DoS v before 5.2.7.3256/5.3.1.3250
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.1.3250 build 20250912 and later
Qts
Quts Hero
CVE-2025-53591 Jan 02, 2026
QTS Format String Vulnerability (CVE-2025-53591) Fixed in 5.2.7.3256
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.1.3250 build 20250912 and later
Qts
Quts Hero
CVE-2025-53589 Jan 02, 2026
QNAP QTS Null Pointer DoS (before 5.2.7.3256)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.1.3250 build 20250912 and later
Qts
Quts Hero
CVE-2025-53414 Jan 02, 2026
QNAP QTS/QuTS NULL ptr DoS CVE-2025-53414 fixed 5.2.7.3256/5.3.1.3250
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.1.3250 build 20250912 and later
Qts
Quts Hero
CVE-2025-53405 Jan 02, 2026
QTS <5.2.7.3256 Null Pointer DoS via Remote Admin
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.1.3250 build 20250912 and later
Qts
Quts Hero
CVE-2025-52872 Jan 02, 2026
QNAP QTS/QuTS hero Buffer Overflow CVE-2025-52872 (pre-5.3.0.3192)
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.0.3192 build 20250716 and later
Qts
Quts Hero
CVE-2025-52864 Jan 02, 2026
Buffer Overflow in QNAP QTS/QuTS hero before 5.2.7.3256
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.0.3192 build 20250716 and later
Qts
Quts Hero
CVE-2025-52863 Jan 02, 2026
QNAP QTS/QuTS Hero BF Overflow (Pre-5.2.7/5.3.0)
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.0.3192 build 20250716 and later
Qts
Quts Hero
CVE-2025-52431 Jan 02, 2026
QNAP QTS 5.2.7.3256+ QuTS 5.3.1+ Null Pointer Deref DoS
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.1.3250 build 20250912 and later
Qts
Quts Hero
CVE-2025-52430 Jan 02, 2026
QNAP QTS/QuTS hero NullPointer DoS (before 5.2.7.3256)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.1.3250 build 20250912 and later
Qts
Quts Hero
CVE-2025-52426 Jan 02, 2026
Null Pointer Deref in QNAP QTS 5.2.x / QuTS Hero 5.3.x DoS
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7.3256 build 20250913 and later; QuTS hero h5.3.1.3250 build 20250912 and later
Qts
Quts Hero
CVE-2025-47208 Jan 02, 2026
QNAP QTS Resource Allocation DoS (before 5.2.6, fixed 5.2.6.3195)
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later; QuTS hero h5.2.6.3195 build 20250715 and later
Qts
Quts Hero
CVE-2025-44013 Jan 02, 2026
QNAP QTS/QuTS Hero NULL ptr deref DoS (before 5.2.6.3195)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later; QuTS hero h5.2.6.3195 build 20250715 and later
Qts
Quts Hero
CVE-2025-62857 Jan 02, 2026
QuMagie XSS in Web Frontend (before 2.8.1) QNAP
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later
Qumagie
CVE-2025-59385 Dec 16, 2025
QNAP QTS 5.2.7 Auth Bypass via Spoofing (fixed 5.2.7.3297)
An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later; QuTS hero h5.2.7.3297 build 20251024 and later; QuTS hero h5.3.1.3292 build 20251024 and later
Qts
Quts Hero
CVE-2025-62847 Dec 16, 2025
Command Injection: QNAP QTS 5.2.7.3297 & QuTS hero 5.3.1
An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later; QuTS hero h5.2.7.3297 build 20251024 and later; QuTS hero h5.3.1.3292 build 20251024 and later
Qts
Quts Hero
CVE-2025-62848 Dec 16, 2025
QNAP QTS/QuTS Hero Null Pointer DoS (pre 5.3.1.3292)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later; QuTS hero h5.2.7.3297 build 20251024 and later; QuTS hero h5.3.1.3292 build 20251024 and later
Qts
Quts Hero
CVE-2025-62849 Dec 16, 2025
SQL Injection in QNAP QTS/QuTS Hero <5.2.7.3297
An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later; QuTS hero h5.2.7.3297 build 20251024 and later; QuTS hero h5.3.1.3292 build 20251024 and later
Qts
Quts Hero
CVE-2017-20210 Nov 11, 2025
CVE-2017-20210: Photo Station XMR Mining Vulnerability in 5.4.1
Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research.
Photo Station
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).