cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-34974,https://securityvulnerability.io/vulnerability/CVE-2023-34974,"QNAP QTS Vulnerability Affects Multiple Versions, Fix Released","An OS command injection vulnerability has been identified in multiple versions of the QNAP operating system, allowing attackers to execute arbitrary commands through network interfaces. This vulnerability impacts various installations, potentially leading to unauthorized control over affected systems. It is crucial for users to update their software to the specified secure releases to mitigate these risks.",QNAP,"Qts,Quts Hero,Qutscloud,Qvr,Qes",8.8,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-09-06T16:27:27.244Z,0
CVE-2023-23355,https://securityvulnerability.io/vulnerability/CVE-2023-23355,"QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR","An OS command injection vulnerability has been identified in QNAP operating systems, potentially allowing remote authenticated administrators to execute system commands through unverified vectors. This flaw poses a significant risk, as it could facilitate unauthorized access and manipulation of the affected systems. QNAP has issued patches for this vulnerability in various versions of its operating systems, emphasizing the importance of updating devices to the latest versions for enhanced security.",QNAP,"QTS,QuTS hero,QuTScloud,QES",7.2,HIGH,0.0013599999947473407,false,false,false,false,,false,false,2023-03-29T05:15:00.000Z,0
CVE-2020-2499,https://securityvulnerability.io/vulnerability/CVE-2020-2499,Hard-coded Password Vulnerability in QES,"A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.",QNAP,Qes,6.3,MEDIUM,0.0009299999801442027,false,false,false,false,,false,false,2020-12-23T00:00:00.000Z,0
CVE-2020-2503,https://securityvulnerability.io/vulnerability/CVE-2020-2503,Stored cross-site scripting vulnerability in QES,"If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.",QNAP,Qes,9,CRITICAL,0.0006600000197067857,false,false,false,false,,false,false,2020-12-23T00:00:00.000Z,0
CVE-2020-2504,https://securityvulnerability.io/vulnerability/CVE-2020-2504,Absolute path traversal vulnerability in QES,"If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.",QNAP,Qes,5.8,MEDIUM,0.0024399999529123306,false,false,false,false,,false,false,2020-12-23T00:00:00.000Z,0
CVE-2020-2505,https://securityvulnerability.io/vulnerability/CVE-2020-2505,Sensitive information via generation of error messages vulnerability in QES,"If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.",QNAP,Qes,2.3,LOW,0.0004199999966658652,false,false,false,false,,false,false,2020-12-23T00:00:00.000Z,0