QNAP QuTS Hero H5.2.0.2851 Build 20240808
Approved changes feed: RSS · Atom
cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*
part: o version: h5.2.0.2851 update: build_20240808
| Vendor | Qnap (a402dda4-b7da-50eb-b0f8-700e564ee87d) |
|---|---|
| Product | Quts Hero (c808c21e-6b74-58ae-ac08-bf1b891081da) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-9110 |
vulnerable | 2026-06-03 15:13:45.454206 |
QTS, QuTS hero
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T15:17:29.481Z
Updated: 2026-01-02T19:14:42.164Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-66277 |
vulnerable | 2026-06-03 15:09:41.922315 |
QTS, QuTS hero
A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3350 build 20251216 and later
QuTS hero h5.3.2.3354 build 20251225 and later
QuTS hero h5.2.8.3350 build 20251216 and later
Published: 2026-02-11T12:15:43.851Z
Updated: 2026-02-26T14:44:26.986Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62852 |
vulnerable | 2026-06-03 15:09:35.514903 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
QTS 5.2.8.3332 build 20251128 and later
Published: 2026-01-02T15:19:40.492Z
Updated: 2026-01-05T20:38:31.940Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62849 |
vulnerable | 2026-06-03 15:09:35.476702 |
QTS, QuTS hero
An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.3297 build 20251024 and later
QuTS hero h5.3.1.3292 build 20251024 and later
Published: 2025-12-16T02:24:58.273Z
Updated: 2026-02-26T16:07:33.754Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62848 |
vulnerable | 2026-06-03 15:09:35.473690 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.3297 build 20251024 and later
QuTS hero h5.3.1.3292 build 20251024 and later
Published: 2025-12-16T02:25:04.815Z
Updated: 2026-03-18T03:55:46.939Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62847 |
vulnerable | 2026-06-03 15:09:35.451402 |
QTS, QuTS hero
An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.3297 build 20251024 and later
QuTS hero h5.3.1.3292 build 20251024 and later
Published: 2025-12-16T02:25:11.210Z
Updated: 2026-03-18T13:05:56.224Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59385 |
vulnerable | 2026-06-03 15:06:25.038066 |
QTS, QuTS hero
An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.3297 build 20251024 and later
QuTS hero h5.3.1.3292 build 20251024 and later
Published: 2025-12-16T02:25:16.661Z
Updated: 2026-02-26T16:07:33.359Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59381 |
vulnerable | 2026-06-03 15:06:25.022654 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
Published: 2026-01-02T15:19:09.271Z
Updated: 2026-01-05T20:38:50.555Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59380 |
vulnerable | 2026-06-03 15:06:25.013001 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
Published: 2026-01-02T15:18:56.977Z
Updated: 2026-01-02T19:10:29.579Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-58466 |
vulnerable | 2026-06-03 15:06:21.739371 |
QTS, QuTS hero
A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
Published: 2026-02-11T12:16:55.139Z
Updated: 2026-02-11T16:54:52.712Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57705 |
vulnerable | 2026-06-03 15:04:59.895415 |
QTS, QuTS hero
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:57:17.408Z
Updated: 2026-01-02T19:15:26.326Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54166 |
vulnerable | 2026-06-03 15:04:55.133806 |
QTS, QuTS hero
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:57:05.534Z
Updated: 2026-01-02T19:16:09.640Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54165 |
vulnerable | 2026-06-03 15:04:55.130984 |
QTS, QuTS hero
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:56:54.985Z
Updated: 2026-01-02T19:16:42.072Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54164 |
vulnerable | 2026-06-03 15:04:55.106394 |
QTS, QuTS hero
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:56:43.726Z
Updated: 2026-01-02T19:17:21.484Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53596 |
vulnerable | 2026-06-03 15:03:54.363070 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:56:33.274Z
Updated: 2026-01-05T20:38:55.696Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53593 |
vulnerable | 2026-06-03 15:03:54.331206 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:56:24.161Z
Updated: 2026-01-05T20:39:01.408Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53592 |
vulnerable | 2026-06-03 15:03:54.330082 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:56:13.513Z
Updated: 2026-01-05T20:39:07.353Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53591 |
vulnerable | 2026-06-03 15:03:54.329037 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:55:54.769Z
Updated: 2026-01-05T20:39:12.642Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53590 |
vulnerable | 2026-06-03 15:03:54.327886 |
QTS
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
QTS 5.2.7.3256 build 20250913 and later
Published: 2026-01-02T14:55:37.460Z
Updated: 2026-01-05T20:39:19.236Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53589 |
vulnerable | 2026-06-03 15:03:54.326827 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:55:11.688Z
Updated: 2026-01-05T20:39:24.834Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53414 |
vulnerable | 2026-06-03 15:03:53.996483 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:54:54.455Z
Updated: 2026-01-02T19:17:55.858Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53407 |
vulnerable | 2026-06-03 15:03:53.993937 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:14:42.829Z
Updated: 2025-10-03T19:09:52.630Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53406 |
vulnerable | 2026-06-03 15:03:53.993057 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:14:36.797Z
Updated: 2025-10-03T19:10:06.668Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53405 |
vulnerable | 2026-06-03 15:03:53.991647 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:54:39.877Z
Updated: 2026-01-02T19:19:33.876Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52872 |
vulnerable | 2026-06-03 15:03:52.630712 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.0.3192 build 20250716 and later
Published: 2026-01-02T14:54:25.736Z
Updated: 2026-01-02T19:20:02.277Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52866 |
vulnerable | 2026-06-03 15:03:52.619977 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:14:20.905Z
Updated: 2025-10-03T19:10:32.185Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52864 |
vulnerable | 2026-06-03 15:03:52.587632 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.0.3192 build 20250716 and later
Published: 2026-01-02T14:54:14.636Z
Updated: 2026-01-02T19:21:12.711Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52863 |
vulnerable | 2026-06-03 15:03:52.586421 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.0.3192 build 20250716 and later
Published: 2026-01-02T14:53:57.755Z
Updated: 2026-01-02T19:21:59.941Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52862 |
vulnerable | 2026-06-03 15:03:52.585135 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:14:13.658Z
Updated: 2025-10-03T19:10:42.739Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52860 |
vulnerable | 2026-06-03 15:03:52.584228 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:12:22.605Z
Updated: 2025-10-03T19:10:53.233Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52859 |
vulnerable | 2026-06-03 15:03:52.583021 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:12:16.583Z
Updated: 2025-10-03T19:11:12.494Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52858 |
vulnerable | 2026-06-03 15:03:52.582386 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:12:09.818Z
Updated: 2025-10-03T19:11:24.029Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52857 |
vulnerable | 2026-06-03 15:03:52.581480 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:12:03.119Z
Updated: 2025-10-03T19:11:34.444Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52855 |
vulnerable | 2026-06-03 15:03:52.559937 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:56.405Z
Updated: 2025-10-03T19:11:44.238Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52854 |
vulnerable | 2026-06-03 15:03:52.559010 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:49.041Z
Updated: 2025-10-03T19:11:52.322Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52853 |
vulnerable | 2026-06-03 15:03:52.557511 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:42.913Z
Updated: 2025-10-03T19:12:08.464Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52433 |
vulnerable | 2026-06-03 15:01:59.209435 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:36.758Z
Updated: 2025-10-03T19:13:27.504Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52432 |
vulnerable | 2026-06-03 15:01:59.205603 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
and later
QuTS hero h5.2.6.3195 build 20250715 and later
QuTS hero h5.3.0.3192 build 20250716 and later
Published: 2025-10-03T18:11:30.922Z
Updated: 2025-10-03T20:46:02.157Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52431 |
vulnerable | 2026-06-03 15:01:59.203005 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:53:37.139Z
Updated: 2026-01-02T19:23:21.424Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52430 |
vulnerable | 2026-06-03 15:01:59.194160 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:53:23.512Z
Updated: 2026-01-02T19:24:13.674Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52429 |
vulnerable | 2026-06-03 15:01:59.192239 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:24.368Z
Updated: 2025-10-03T20:46:16.009Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52428 |
vulnerable | 2026-06-03 15:01:59.190110 |
QTS
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:17.308Z
Updated: 2025-10-03T20:46:24.803Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52427 |
vulnerable | 2026-06-03 15:01:59.187371 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:10.864Z
Updated: 2025-10-03T20:46:37.025Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52426 |
vulnerable | 2026-06-03 15:01:59.171621 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:53:10.624Z
Updated: 2026-01-02T19:25:16.745Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52424 |
vulnerable | 2026-06-03 15:01:59.161792 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:04.091Z
Updated: 2025-10-03T20:47:34.895Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48730 |
vulnerable | 2026-06-03 15:01:35.207825 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:57.322Z
Updated: 2025-10-03T20:47:53.789Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48729 |
vulnerable | 2026-06-03 15:01:35.206116 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:51.245Z
Updated: 2025-10-06T17:16:57.435Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48728 |
vulnerable | 2026-06-03 15:01:35.204468 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:45.768Z
Updated: 2025-10-03T18:59:15.931Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48727 |
vulnerable | 2026-06-03 15:01:35.203025 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:39.613Z
Updated: 2025-10-03T18:58:24.023Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48726 |
vulnerable | 2026-06-03 15:01:35.201398 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:33.458Z
Updated: 2025-10-03T18:57:50.791Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48725 |
vulnerable | 2026-06-03 15:01:35.196963 |
QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
QuTS hero h5.3.2.3354 build 20251225 and later
Published: 2026-02-11T12:19:16.450Z
Updated: 2026-02-11T14:48:36.064Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48721 |
vulnerable | 2026-06-03 15:01:35.186054 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
QTS 5.2.8.3332 build 20251128 and later
Published: 2026-01-02T15:17:38.864Z
Updated: 2026-01-02T19:13:09.727Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47214 |
vulnerable | 2026-06-03 15:01:28.686510 |
QTS
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
and later
Published: 2025-10-03T18:10:26.403Z
Updated: 2025-10-03T18:57:05.857Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47213 |
vulnerable | 2026-06-03 15:01:28.684673 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:17.500Z
Updated: 2025-10-03T18:56:27.652Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47212 |
vulnerable | 2026-06-03 15:01:28.682436 |
QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:11.466Z
Updated: 2026-02-26T17:48:20.794Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47211 |
vulnerable | 2026-06-03 15:01:28.680110 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:04.837Z
Updated: 2025-10-03T18:53:40.403Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47208 |
vulnerable | 2026-06-03 15:01:28.669289 |
QTS, QuTS hero
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2026-01-02T14:52:49.669Z
Updated: 2026-01-02T19:25:58.843Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47205 |
vulnerable | 2026-06-03 15:01:28.659522 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
Published: 2026-02-11T12:19:44.097Z
Updated: 2026-02-11T14:33:22.912Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-44013 |
vulnerable | 2026-06-03 15:01:18.472284 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2026-01-02T14:52:34.169Z
Updated: 2026-01-02T19:26:32.750Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-33032 |
vulnerable | 2026-06-03 15:00:42.724868 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:51.497Z
Updated: 2025-08-29T18:22:12.579Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30274 |
vulnerable | 2026-06-03 15:00:27.642576 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:31.717Z
Updated: 2025-08-29T18:22:37.804Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30273 |
vulnerable | 2026-06-03 15:00:27.640880 |
QTS, QuTS hero
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:27.210Z
Updated: 2025-08-29T18:22:44.930Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30272 |
vulnerable | 2026-06-03 15:00:27.639184 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:22.812Z
Updated: 2025-08-29T18:22:51.109Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30271 |
vulnerable | 2026-06-03 15:00:27.636489 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:18.464Z
Updated: 2025-08-29T18:22:57.195Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30270 |
vulnerable | 2026-06-03 15:00:27.634865 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:13.816Z
Updated: 2025-08-29T18:23:04.907Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30268 |
vulnerable | 2026-06-03 15:00:27.632616 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:08.724Z
Updated: 2025-08-29T18:23:10.854Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30267 |
vulnerable | 2026-06-03 15:00:27.630516 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:03.790Z
Updated: 2025-08-29T18:23:17.830Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30265 |
vulnerable | 2026-06-03 15:00:27.628162 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:15:58.561Z
Updated: 2025-08-29T18:23:23.852Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30264 |
vulnerable | 2026-06-03 15:00:27.621859 |
QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:15:53.952Z
Updated: 2026-02-26T17:47:48.098Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-29882 |
vulnerable | 2026-06-03 15:00:14.833826 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:14:18.812Z
Updated: 2025-08-29T18:25:05.280Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22481 |
vulnerable | 2026-06-03 14:59:40.076939 |
QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.4.3079 build 20250321 and later
QuTS hero h5.2.4.3079 build 20250321 and later
Published: 2025-06-06T15:53:18.696Z
Updated: 2026-02-26T17:51:06.890Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-56805 |
vulnerable | 2026-06-03 14:57:50.331081 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.4.3079 build 20250321 and later
QuTS hero h5.2.4.3079 build 20250321 and later
Published: 2025-06-06T15:53:13.936Z
Updated: 2025-06-06T16:35:40.607Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53699 |
vulnerable | 2026-06-03 14:57:39.920417 |
QTS, QuTS hero
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Published: 2025-03-07T16:14:15.735Z
Updated: 2025-03-07T17:52:52.877Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53698 |
vulnerable | 2026-06-03 14:57:39.919479 |
QTS, QuTS hero
A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Published: 2025-03-07T16:14:08.713Z
Updated: 2025-03-07T17:53:17.143Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53697 |
vulnerable | 2026-06-03 14:57:39.918209 |
QTS, QuTS hero
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Published: 2025-03-07T16:14:01.565Z
Updated: 2025-03-07T17:53:42.938Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53693 |
vulnerable | 2026-06-03 14:57:39.898738 |
QTS, QuTS hero
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Published: 2025-03-07T16:13:29.581Z
Updated: 2025-03-07T17:08:09.353Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53692 |
vulnerable | 2026-06-03 14:57:39.895221 |
QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Published: 2025-03-07T16:13:23.099Z
Updated: 2025-03-07T17:11:12.796Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50405 |
vulnerable | 2026-06-03 14:57:24.206208 |
QTS, QuTS hero
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Published: 2025-03-07T16:13:17.099Z
Updated: 2025-03-07T17:14:37.498Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50403 |
vulnerable | 2026-06-03 14:57:24.184035 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:45.927Z
Updated: 2024-12-06T19:25:57.274Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50402 |
vulnerable | 2026-06-03 14:57:24.182011 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:39.547Z
Updated: 2024-12-06T19:26:18.132Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50401 |
vulnerable | 2026-06-03 14:57:24.177075 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:30:59.166Z
Updated: 2024-11-22T16:45:59.583Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50400 |
vulnerable | 2026-06-03 14:57:24.176180 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:31:13.326Z
Updated: 2024-11-22T16:44:57.456Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50399 |
vulnerable | 2026-06-03 14:57:24.175085 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:31:20.542Z
Updated: 2024-11-22T16:44:49.629Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50398 |
vulnerable | 2026-06-03 14:57:24.174204 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:31:27.533Z
Updated: 2024-11-22T16:44:57.341Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50397 |
vulnerable | 2026-06-03 14:57:24.172877 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:31:34.360Z
Updated: 2024-11-22T16:44:57.191Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50396 |
vulnerable | 2026-06-03 14:57:24.171936 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:31:41.184Z
Updated: 2024-11-22T16:44:57.056Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50393 |
vulnerable | 2026-06-03 14:57:24.163585 |
QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:33.342Z
Updated: 2024-12-10T04:55:54.258Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48868 |
vulnerable | 2026-06-03 14:57:10.347441 |
QTS, QuTS hero
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:27.206Z
Updated: 2024-12-06T19:36:12.495Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48867 |
vulnerable | 2026-06-03 14:57:10.345467 |
QTS, QuTS hero
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:20.438Z
Updated: 2024-12-06T19:38:19.849Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48866 |
vulnerable | 2026-06-03 14:57:10.343697 |
QTS, QuTS hero
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:13.985Z
Updated: 2024-12-06T19:29:20.387Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48865 |
vulnerable | 2026-06-03 14:57:10.341882 |
QTS, QuTS hero
An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:05.597Z
Updated: 2024-12-06T19:38:27.732Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48859 |
vulnerable | 2026-06-03 14:57:10.316912 |
QTS, QuTS hero
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:35:58.818Z
Updated: 2024-12-06T19:38:38.778Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37050 |
vulnerable | 2026-06-03 14:56:05.549441 |
QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:32:44.371Z
Updated: 2024-11-22T17:05:00.904Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37049 |
vulnerable | 2026-06-03 14:56:05.548576 |
QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:32:49.741Z
Updated: 2024-11-22T17:05:00.765Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37048 |
vulnerable | 2026-06-03 14:56:05.547870 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:32:56.395Z
Updated: 2024-11-22T17:05:01.325Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37047 |
vulnerable | 2026-06-03 14:56:05.547115 |
QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:33:03.459Z
Updated: 2024-11-22T17:05:00.638Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37046 |
vulnerable | 2026-06-03 14:56:05.546308 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:33:09.701Z
Updated: 2024-11-22T17:05:01.576Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37045 |
vulnerable | 2026-06-03 14:56:05.545389 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:33:15.661Z
Updated: 2024-11-22T17:05:01.188Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37044 |
vulnerable | 2026-06-03 14:56:05.544265 |
QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:33:22.007Z
Updated: 2024-11-22T17:05:00.517Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37043 |
vulnerable | 2026-06-03 14:56:05.543258 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:33:29.576Z
Updated: 2024-11-22T17:05:01.457Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37042 |
vulnerable | 2026-06-03 14:56:05.542546 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:33:35.425Z
Updated: 2024-11-22T17:05:01.042Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37041 |
vulnerable | 2026-06-03 14:56:05.541085 |
QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:33:41.157Z
Updated: 2024-11-22T17:05:00.340Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-14026 |
vulnerable | 2026-06-03 14:54:25.912821 |
QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Published: 2026-03-11T08:02:13.413Z
Updated: 2026-03-12T03:55:17.771Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.