cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-27595,https://securityvulnerability.io/vulnerability/CVE-2022-27595,Insecure Library Loading Vulnerability in QVPN Device Client,"CVE-2022-27595 is a critical insecurity identified within QNAP's QVPN Device Client, specifically involving an insecure library loading flaw. This vulnerability permits local attackers, who have obtained user-level access, to potentially execute malicious code or commands within the environment. This threat highlights the importance of updating to the latest versions, specifically QVPN Windows 2.0.0.1316 and 2.0.0.1310 or later, to mitigate the risks associated with this vulnerability. For further information, please refer to the official security advisory.",QNAP,Qvpn Windows,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-19T01:39:46.448Z,0
CVE-2022-27600,https://securityvulnerability.io/vulnerability/CVE-2022-27600,Uncontrolled Resource Consumption Vulnerability in QNAP Operating Systems,"CVE-2022-27600 is an uncontrolled resource consumption vulnerability that affects various versions of QNAP's operating systems. This vulnerability could be exploited by remote attackers to execute a denial-of-service (DoS) attack, which would disrupt legitimate user access and affect the overall performance of the affected systems. QNAP has issued fixes in certain versions to mitigate this risk. Users are strongly advised to upgrade to the patched versions to protect their systems from potential exploitation.",QNAP,"Qts,Quts Hero,Qutscloud",6.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-19T01:39:38.167Z,0
CVE-2023-23354,https://securityvulnerability.io/vulnerability/CVE-2023-23354,Cross-Site Scripting Vulnerability in QNAP Operating Systems,"CVE-2023-23354 describes a high-severity cross-site scripting (XSS) vulnerability present in several versions of QNAP's QuLog Center. This flaw allows remote attackers who have gained user access to bypass essential security measures and potentially read sensitive application data. Since the vulnerability may be exploited via malicious scripts, it poses a significant threat to user security and privacy. QNAP has released patches in versions QuLog Center 1.5.0.738 and later, QuLog Center 1.4.1.691 and later, and QuLog Center 1.3.1.645 and later to mitigate these risks. Users are strongly advised to upgrade to the latest versions to ensure their systems are secure.",QNAP,Qulog Center,7.3,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-19T01:39:27.208Z,0
CVE-2023-23356,https://securityvulnerability.io/vulnerability/CVE-2023-23356,Command Injection Vulnerability in QNAP Operating Systems,"CVE-2023-23356 is a critical command injection vulnerability discovered in multiple versions of QNAP's operating system. This vulnerability allows remote attackers, who have obtained administrator-level access, to execute arbitrary commands on the affected devices. Exploiting this weakness could lead to severe consequences, including unauthorized data access and system manipulation. QNAP has addressed this security flaw in QuFirewall version 2.3.3 released on March 27, 2023, and all subsequent updates. Users are strongly advised to update their systems to mitigate risks and enhance security.",QNAP,Qufirewall,5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-19T01:39:15.645Z,0
CVE-2023-23357,https://securityvulnerability.io/vulnerability/CVE-2023-23357,Cross-Site Scripting Vulnerability in QNAP Products,"CVE-2023-23357 describes a critical cross-site scripting (XSS) vulnerability found in various QNAP QuLog Center operating system versions. Remote attackers with administrative access can exploit this flaw to bypass existing security mechanisms and potentially access sensitive application data. It is crucial for users of affected versions to update to the latest releases where this vulnerability has been resolved. QNAP has released patches in versions QuLog Center 1.5.0.738 (released on March 6, 2023), 1.4.1.691 (released on March 1, 2023), and 1.3.1.645 (released on February 22, 2023) to address this security concern. For further details and assistance, refer to QNAP's security advisory.",QNAP,Qulog Center,4.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-19T01:39:02.809Z,0
CVE-2024-50387,https://securityvulnerability.io/vulnerability/CVE-2024-50387,SQL Injection Vulnerability in QNAP Operating System,"A SQL injection vulnerability has been identified in multiple versions of the QNAP Operating System, allowing remote attackers to inject and execute malicious code. If left unpatched, this flaw poses a significant risk to data integrity and security within affected systems. QNAP has addressed this issue in the SMB Service version 4.15.002 and later, enhancing protection against such attacks.",QNAP,QNAP Operating System,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-06T17:15:00.000Z,0
CVE-2024-53691,https://securityvulnerability.io/vulnerability/CVE-2024-53691,QTS Operating System Vulnerability Fix,"A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later",QNAP,,,,0.0004299999854993075,false,true,false,true,true,false,false,2024-12-06T17:15:00.000Z,757
CVE-2024-50402,https://securityvulnerability.io/vulnerability/CVE-2024-50402,External Format String Vulnerability in QNAP Operating Systems,An externally-controlled format string vulnerability in several QNAP operating system versions can be exploited by remote attackers with administrator access. This could potentially grant them the ability to access sensitive data or modify the system's memory. The issue has been resolved in later versions of QTS and QuTS hero.,QNAP,QNAP Operating System,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-06T17:15:00.000Z,0
CVE-2024-50388,https://securityvulnerability.io/vulnerability/CVE-2024-50388,OS Command Injection Vulnerability in HBS 3 Hybrid Backup Sync by QNAP,"An OS command injection vulnerability has been identified in HBS 3 Hybrid Backup Sync, allowing remote attackers to execute arbitrary commands on the affected system. Successful exploitation could compromise the integrity and security of the application and potentially lead to unauthorized access to sensitive data. QNAP has addressed this vulnerability in version 25.1.1.673 and later, urging all users to update their software to mitigate the risks associated with this issue.",QNAP,HBS 3 Hybrid Backup Sync,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-06T17:15:00.000Z,0
CVE-2024-48868,https://securityvulnerability.io/vulnerability/CVE-2024-48868,CRLF Injection Vulnerability in QNAP Operating Systems,"A vulnerability has been identified in certain QNAP operating system versions that allows improper handling of CRLF sequences, known as CRLF Injection. This flaw could enable remote attackers to manipulate application data, potentially leading to unauthorized modifications. QNAP has addressed this issue in the latest builds of QTS and QuTS hero, ensuring enhanced security for users. It is crucial to update to the patched versions to mitigate possible exploitation risks.",QNAP,QNAP Operating System,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-06T17:15:00.000Z,0
CVE-2024-50389,https://securityvulnerability.io/vulnerability/CVE-2024-50389,SQL Injection Vulnerability in QuRouter by QNAP,"A SQL injection vulnerability has been identified in QNAP’s QuRouter, which could be exploited by remote attackers to execute malicious commands within the affected systems. This could compromise data integrity and system security. It is crucial for users to upgrade to QuRouter version 2.4.5.032 or later to mitigate this risk. The presence of this vulnerability underscores the importance of regular software updates and security best practices.",QNAP,QuRouter,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-06T17:15:00.000Z,0
CVE-2024-50403,https://securityvulnerability.io/vulnerability/CVE-2024-50403,Exploitable Format String Vulnerability in QNAP Operating Systems,A vulnerability involving the use of externally-controlled format strings has been identified in various QNAP operating system versions. This flaw enables remote attackers who have gained administrator access to retrieve confidential information or alter memory contents. It is crucial for users to upgrade to QTS 5.2.2.2950 build 20241114 or later and QuTS hero h5.2.2.2952 build 20241116 or later to mitigate the risks associated with this vulnerability.,QNAP,QNAP Operating System,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-06T17:15:00.000Z,0
CVE-2024-48865,https://securityvulnerability.io/vulnerability/CVE-2024-48865,Improper Certificate Validation Vulnerability in QNAP Operating Systems,A vulnerability due to improper certificate validation in several versions of QNAP operating systems has been identified. This flaw could permit attackers who have local network access to compromise system security. Users are strongly advised to update to the latest versions of QTS and QuTS hero to mitigate any potential threats associated with this vulnerability.,QNAP,QNAP Operating System,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-06T17:15:00.000Z,0
CVE-2024-50404,https://securityvulnerability.io/vulnerability/CVE-2024-50404,Link Following Vulnerability in Qsync Central by QNAP,"A link following vulnerability has been identified in Qsync Central, which may allow remote attackers who have gained user access to exploit the system. This could lead to unauthorized file system traversal, enabling access to unintended directories and sensitive information. Users are encouraged to upgrade to version 4.4.0.16_20240819 or later to mitigate this risk.",QNAP,Qsync Central,,,0.0004299999854993075,false,false,false,true,true,false,false,2024-12-06T17:15:00.000Z,0
CVE-2024-48859,https://securityvulnerability.io/vulnerability/CVE-2024-48859,"QNAP Fixes Remote Authentication Vulnerability Affecting QTS, QuTS Hero","An improper authentication vulnerability has been identified in multiple versions of QNAP operating systems, creating a significant risk of unauthorized access. If exploited, this vulnerability could allow remote attackers to bypass authentication mechanisms, leading to potential compromises of user data and system integrity. Users of affected QNAP systems are urged to update to the latest software versions to mitigate these risks. Security patches are available in QTS 5.1.9.2954 build 20241120 and later, QTS 5.2.2.2950 build 20241114 and later, QuTS hero h5.1.9.2954 build 20241120 and later, and QuTS hero h5.2.2.2952 build 20241116 and later to ensure protection against such threats.",QNAP,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-06T17:15:00.000Z,0
CVE-2024-48866,https://securityvulnerability.io/vulnerability/CVE-2024-48866,Improper URL Encoding in QNAP Operating Systems,"The reported vulnerability involves improper handling of URL encoding (Hex Encoding) in multiple versions of QNAP operating systems. Exploitation of this flaw could enable remote attackers to force the system into unpredictable behavior, potentially compromising system integrity and security. QNAP has addressed this issue in several newer versions, providing users with necessary updates to secure their systems against such exploits. It is strongly recommended for users to upgrade to the specified versions to mitigate the risk.",QNAP,QNAP Operating System,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-06T17:15:00.000Z,0
CVE-2024-50393,https://securityvulnerability.io/vulnerability/CVE-2024-50393,"QTS, QuTS hero","A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later",QNAP,"Qts,Quts Hero",,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-06T17:15:00.000Z,0
CVE-2024-48863,https://securityvulnerability.io/vulnerability/CVE-2024-48863,Command Injection Vulnerability in QNAP License Center,"A critical command injection vulnerability has been identified in QNAP's License Center. This vulnerability enables remote attackers to execute arbitrary commands, potentially compromising the integrity and security of the affected systems. Users operating on versions prior to License Center 1.9.43 are particularly at risk and are strongly advised to update to the latest version to safeguard their systems against potential exploitation.",QNAP,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-06T17:15:00.000Z,0
CVE-2024-48867,https://securityvulnerability.io/vulnerability/CVE-2024-48867,CRLF Injection Vulnerability in QNAP Operating Systems,"A CRLF Injection vulnerability has been identified in various QNAP operating systems, allowing unauthorized remote attackers to inject malicious sequences that can lead to the modification of application data. This vulnerability is applicable to specified versions of QTS and QuTS hero, emphasizing the need for prompt updates to mitigate potential exploits and safeguard your systems from unauthorized data manipulation.",QNAP,QNAP Operating Systems,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-06T17:15:00.000Z,0
CVE-2024-32770,https://securityvulnerability.io/vulnerability/CVE-2024-32770,Cross-Site Scripting Vulnerability in QNAP Photo Station,"A cross-site scripting (XSS) vulnerability has been identified in QNAP's Photo Station, enabling remote attackers with authenticated user access to inject and execute malicious scripts. This flaw poses a security risk, potentially leading to unauthorized access to sensitive information or system compromise. Users are encouraged to update to the latest version, Photo Station 6.4.3 or later, to mitigate this vulnerability. For further details, refer to QNAP's security advisory.",QNAP,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-11-22T16:15:00.000Z,0
CVE-2024-37042,https://securityvulnerability.io/vulnerability/CVE-2024-37042,NULL Pointer Dereference Vulnerability in QNAP Operating Systems,"A NULL pointer dereference vulnerability has been identified in multiple versions of the QNAP operating system, which may allow remote attackers with administrator-level access to execute denial-of-service (DoS) attacks. This flaw can disrupt the normal functioning of the system, leading to potential downtime and unavailability of services. QNAP has released fixes in QTS 5.2.1.2930 build 20241025 and later, as well as QuTS hero h5.2.1.2929 build 20241025 and later to address this issue.",QNAP,QNAP Operating System,,,0.0004299999854993075,false,false,false,false,,false,false,2024-11-22T16:15:00.000Z,0
CVE-2024-37047,https://securityvulnerability.io/vulnerability/CVE-2024-37047,Buffer Copy Issue in QNAP Operating Systems,"A buffer copy vulnerability affecting multiple versions of QNAP operating systems may allow attackers with administrative access to execute arbitrary code. This issue arises from a failure to validate the size of input during the copy process, posing a potential risk if exploited. QNAP has resolved this vulnerability in the specified builds, and users are urged to update to maintain system security.",QNAP,QNAP Operating System,,,0.0004299999854993075,false,false,false,false,,false,false,2024-11-22T16:15:00.000Z,0
CVE-2024-32768,https://securityvulnerability.io/vulnerability/CVE-2024-32768,Cross-Site Scripting Vulnerability in QNAP Photo Station,"A cross-site scripting (XSS) vulnerability has been identified in QNAP's Photo Station, potentially enabling remote attackers with valid user access to inject malicious code. This vulnerability can compromise the integrity of the application and expose sensitive user data. The issue has been addressed in Photo Station version 6.4.3, released on July 12, 2024, which eliminates the risk associated with this flaw. Users are strongly advised to update to this version or later to safeguard against potential exploits.",QNAP,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-11-22T16:15:00.000Z,0
CVE-2024-32769,https://securityvulnerability.io/vulnerability/CVE-2024-32769,XSS Vulnerability in QNAP Photo Station Software,"A cross-site scripting (XSS) vulnerability has been identified in QNAP's Photo Station software. This flaw allows remote attackers, who have obtained user access, to inject malicious scripts into web pages viewed by other users. Such exploits could lead to unauthorized access or manipulation of sensitive user data. The issue has been addressed in version 6.4.3, released on July 12, 2024, and users are advised to upgrade to this version or later to mitigate potential security risks.",QNAP,Photo Station,,,0.0004299999854993075,false,false,false,false,,false,false,2024-11-22T16:15:00.000Z,0
CVE-2024-37041,https://securityvulnerability.io/vulnerability/CVE-2024-37041,Buffer Copy Vulnerability in QNAP Operating System,"A vulnerability has been identified in various versions of the QNAP operating system, characterized by a buffer copy that does not adequately verify the size of the input. If exploited by remote attackers who manage to gain administrator access, this flaw could enable the execution of arbitrary code, potentially compromising system integrity and security. QNAP has addressed this vulnerability in the latest updates, advising affected users to upgrade to QTS 5.2.1.2930 build 20241025 or later, or to QuTS hero h5.2.1.2929 build 20241025 or later, to mitigate risk.",QNAP,QNAP Operating System,,,0.0004299999854993075,false,false,false,false,,false,false,2024-11-22T16:15:00.000Z,0