Qnap Qsync Central vulnerabilities

63 known vulnerabilities affecting qnap/qsync_central.

Total CVEs
63
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH20MEDIUM19LOW24

Vulnerabilities

Page 2 of 4
CVE-2025-48722LOWCVSS 1.3≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-48722 [LOW] CWE-476 CVE-2025-48722: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-68406LOWCVSS 1.3≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-68406 [LOW] CWE-22 CVE-2025-68406: A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-48724LOWCVSS 0.6≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-48724 [LOW] CWE-120 CVE-2025-48724: A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gain A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-53598LOWCVSS 0.6≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-53598 [LOW] CWE-476 CVE-2025-53598: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-30269LOWCVSS 0.6≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-30269 [LOW] CWE-134 CVE-2025-30269: A use of externally-controlled format string vulnerability has been reported to affect Qsync Central A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-57711LOWCVSS 3.6≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-57711 [LOW] CWE-770 CVE-2025-57711: An allocation of resources without limits or throttling vulnerability has been reported to affect Qs An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the follo
nvd
CVE-2025-58467LOWCVSS 1.3≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-58467 [LOW] CWE-23 CVE-2025-58467: A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attac A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-30266LOWCVSS 0.6≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-30266 [LOW] CWE-476 CVE-2025-30266: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-57712MEDIUMCVSS 4.0≥ 5.0.0.0, < 5.0.0.32025-11-07
CVE-2025-57712 [MEDIUM] CWE-22 CVE-2025-57712: A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.3 ( 2025/08/28 ) and later
nvd
CVE-2025-54153HIGHCVSS 8.6≥ 5.0.0.0, < 5.0.0.22025-10-03
CVE-2025-54153 [HIGH] CWE-89 CVE-2025-54153: An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later
nvd
CVE-2025-44012HIGHCVSS 7.1≥ 5.0.0.0, < 5.0.0.22025-10-03
CVE-2025-44012 [HIGH] CWE-770 CVE-2025-44012: An allocation of resources without limits or throttling vulnerability has been reported to affect Qs An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following vers
nvd
CVE-2025-44014HIGHCVSS 7.1≥ 4.2.0.0, < 5.0.0.12025-10-03
CVE-2025-44014 [HIGH] CWE-787 CVE-2025-44014: An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
nvd
CVE-2025-44007HIGHCVSS 7.1≥ 4.2.0.0, < 5.0.0.12025-10-03
CVE-2025-44007 [HIGH] CWE-770 CVE-2025-44007: An allocation of resources without limits or throttling vulnerability has been reported to affect Qs An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following vers
nvd
CVE-2025-53595HIGHCVSS 8.6≥ 5.0.0.0, < 5.0.0.22025-10-03
CVE-2025-53595 [HIGH] CWE-89 CVE-2025-53595: An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later
nvd
CVE-2025-33039HIGHCVSS 7.1≥ 4.2.0.0, < 5.0.0.12025-10-03
CVE-2025-33039 [HIGH] CWE-770 CVE-2025-33039: An allocation of resources without limits or throttling vulnerability has been reported to affect Qs An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following vers
nvd
CVE-2025-44006HIGHCVSS 7.1≥ 4.2.0.0, < 5.0.0.12025-10-03
CVE-2025-44006 [HIGH] CWE-770 CVE-2025-44006: An allocation of resources without limits or throttling vulnerability has been reported to affect Qs An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following vers
nvd
CVE-2025-33040HIGHCVSS 7.1≥ 4.2.0.0, < 5.0.0.12025-10-03
CVE-2025-33040 [HIGH] CWE-770 CVE-2025-33040: An allocation of resources without limits or throttling vulnerability has been reported to affect Qs An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following vers
nvd
CVE-2025-47210MEDIUMCVSS 5.3≥ 5.0.0.0, < 5.0.0.22025-10-03
CVE-2025-47210 [MEDIUM] CWE-476 CVE-2025-47210: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later
nvd
CVE-2025-44010MEDIUMCVSS 5.3≥ 4.2.0.0, < 5.0.0.12025-10-03
CVE-2025-44010 [MEDIUM] CWE-476 CVE-2025-44010: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
nvd
CVE-2025-52867MEDIUMCVSS 6.0≥ 5.0.0.0, < 5.0.0.22025-10-03
CVE-2025-52867 [MEDIUM] CWE-400 CVE-2025-52867: An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a r An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later
nvd
← Previous2 / 4Next →