Qnap Systems Inc Qts vulnerabilities
249 known vulnerabilities affecting qnap_systems_inc/qts.
Total CVEs
249
CISA KEV
4
actively exploited
Public exploits
3
Exploited in wild
10
Severity breakdown
CRITICAL22HIGH111MEDIUM113LOW3
Vulnerabilities
Page 12 of 13
CVE-2025-52430P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.7.3256 build 202509132026-01-02
CVE-2025-52430 [MEDIUM] CWE-476 CVE-2025-52430: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and lat
nvd
CVE-2025-52431P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.7.3256 build 202509132026-01-02
CVE-2025-52431 [MEDIUM] CWE-476 CVE-2025-52431: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and lat
nvd
CVE-2018-0719P4MEDIUMCVSS 5.5≥ unspecified, ≤ 4.2.62018-11-27
CVE-2018-0719 [MEDIUM] CWE-79 CVE-2018-0719: Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to
Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.
nvd
CVE-2025-52858P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52858 [MEDIUM] CWE-476 CVE-2025-52858: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52862P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52862 [MEDIUM] CWE-476 CVE-2025-52862: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52860P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52860 [MEDIUM] CWE-476 CVE-2025-52860: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52866P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52866 [MEDIUM] CWE-476 CVE-2025-52866: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52428P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52428 [MEDIUM] CWE-476 CVE-2025-52428: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52432P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52432 [MEDIUM] CWE-476 CVE-2025-52432: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52853P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52853 [MEDIUM] CWE-476 CVE-2025-52853: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52859P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52859 [MEDIUM] CWE-476 CVE-2025-52859: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52855P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52855 [MEDIUM] CWE-476 CVE-2025-52855: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52854P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52854 [MEDIUM] CWE-476 CVE-2025-52854: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52857P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52857 [MEDIUM] CWE-476 CVE-2025-52857: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52433P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52433 [MEDIUM] CWE-476 CVE-2025-52433: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2023-45028P4MEDIUMCVSS 4.9≥ 5.1.x, < 5.1.5.2645 build 202401162024-02-02
CVE-2023-45028 [MEDIUM] CWE-400 CVE-2023-45028: An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operatin
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and
nvd
CVE-2025-53590P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.7.3256 build 202509132026-01-02
CVE-2025-53590 [MEDIUM] CWE-476 CVE-2025-53590: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
QTS 5.2.7.3256 build 20250913 and late
nvd
CVE-2024-37048P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-37048 [MEDIUM] CWE-476 CVE-2024-37048: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 an
nvd
CVE-2023-32970P4MEDIUMCVSS 4.9≥ 5.1.x, < 5.1.0.2444 build 20230629≥ 4.5.x, < 4.5.4.2467 build 202307182023-10-13
CVE-2023-32970 [MEDIUM] CWE-476 CVE-2023-32970: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
QES is not affected.
We have already fixed the vulnerability in the following versions:
QuTS hero h5.0.1.2515
nvd
CVE-2023-39301P4MEDIUMCVSS 4.3≥ 5.0.x, < 5.0.1.2514 build 20230906≥ 5.1.x, < 5.1.1.2491 build 202308152023-11-03
CVE-2023-39301 [MEDIUM] CWE-918 CVE-2023-39301: A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operatin
A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.1.2491 build
nvd