Qnap License Center vulnerabilities

5 known vulnerabilities affecting qnap/license_center.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2LOW3

Vulnerabilities

Page 1 of 1
CVE-2025-53597LOWCVSS 1.2≥ 2.0.17, < 2.0.362026-01-02
CVE-2025-53597 [LOW] CWE-121 CVE-2025-53597: A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gai A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: License Center 2.0.36 and later
nvd
CVE-2025-52871LOWCVSS 1.3≥ 2.0.17, < 2.0.362026-01-02
CVE-2025-52871 [LOW] CWE-125 CVE-2025-52871: An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: License Center 2.0.36 and later
nvd
CVE-2025-22483HIGHCVSS 7.1≥ 1.8.17, < 1.8.51≥ 1.9.36, < 1.9.512025-08-29
CVE-2025-22483 [HIGH] CWE-79 CVE-2025-22483: A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: License Center 1.8.51 and
nvd
CVE-2024-50406LOWCVSS 2.0≥ 1.9.36, < 1.9.492025-06-06
CVE-2024-50406 [LOW] CWE-79 CVE-2024-50406: A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: License Center 1.9.49 and later
nvd
CVE-2024-48863HIGHCVSS 7.7≥ 1.9.36, < 1.9.432024-12-06
CVE-2024-48863 [HIGH] CWE-78 CVE-2024-48863: A command injection vulnerability has been reported to affect License Center. If exploited, the vuln A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: License Center 1.9.43 and later
nvd