Qnap Systems Inc Qumagie vulnerabilities
13 known vulnerabilities affecting qnap_systems_inc/qumagie.
Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH9MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-44083P2CRITICALCVSS 9.8≥ 2.9.0, < 2.9.12026-06-09
CVE-2026-44083 [CRITICAL] CWE-639 CVE-2026-44083: An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagi
An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges.
We have already fixed the vulnerability in the following version:
QuMagie 2.9.1 and later
nvd
CVE-2025-52425P2CRITICALCVSS 9.8≥ 2.7.x, < 2.7.02025-11-07
CVE-2025-52425 [CRITICAL] CWE-89 CVE-2025-52425: An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit th
An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following versions:
QuMagie 2.7.0 and later
nvd
CVE-2023-39295P2HIGHCVSS 8.8≥ 2.1.x, < 2.1.32023-11-10
CVE-2023-39295 [HIGH] CWE-78 CVE-2023-39295: An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnera
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.1.3 and later
nvd
CVE-2023-47560P3HIGHCVSS 8.8≥ 2.2.x, < 2.2.12024-01-05
CVE-2023-47560 [HIGH] CWE-77 CVE-2023-47560: An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnera
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.2.1 and later
nvd
CVE-2023-41284P3HIGHCVSS 8.8≥ 2.1.x, < 2.1.42023-11-10
CVE-2023-41284 [HIGH] CWE-89 CVE-2023-41284: A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability c
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.1.4 and later
nvd
CVE-2023-41285P3HIGHCVSS 8.8≥ 2.1.x, < 2.1.42023-11-10
CVE-2023-41285 [HIGH] CWE-89 CVE-2023-41285: A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability c
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.1.4 and later
nvd
CVE-2023-47219P3HIGHCVSS 8.8≥ 2.2.x, < 2.2.12024-01-05
CVE-2023-47219 [HIGH] CWE-89 CVE-2023-47219: A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability c
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.2.1 and later
nvd
CVE-2026-26237P3HIGHCVSS 7.5≥ 2.9.0, < 2.9.12026-06-10
CVE-2026-26237 [HIGH] CWE-359 CVE-2026-26237: A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.
We have already fixed the vulnerability in the following version:
QuMagie 2.9.0 and later
nvd
CVE-2026-26236P3HIGHCVSS 7.5≥ 2.9.0, < 2.9.12026-06-09
CVE-2026-26236 [HIGH] CWE-862 CVE-2026-26236: A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.
We have already fixed the vulnerability in the following version:
QuMagie 2.9.0 and later
nvd
CVE-2025-58464P3HIGHCVSS 7.5≥ 2.7.x, < 2.7.32025-11-07
CVE-2025-58464 [HIGH] CWE-23 CVE-2025-58464: A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, t
A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
QuMagie 2.7.3 and later
nvd
CVE-2024-38642P3HIGHCVSS 7.8≥ 2.3.x, < 2.3.12024-09-06
CVE-2024-38642 [HIGH] CWE-295 CVE-2024-38642: An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited,
An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors.
We have already fixed the vulnerability in the following version:
QuMagie 2.3.1 and later
nvd
CVE-2025-62857P4MEDIUMCVSS 6.1≥ 2.x, < 2.8.12026-01-02
CVE-2025-62857 [MEDIUM] CWE-79 CVE-2025-62857: A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following version:
QuMagie 2.8.1 and later
nvd
CVE-2023-47559P4MEDIUMCVSS 5.4≥ 2.2.x, < 2.2.12024-01-05
CVE-2023-47559 [MEDIUM] CWE-79 CVE-2023-47559: A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vu
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.2.1 and later
nvd