CVE Tracker
Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.
2,235
Total CVEs
1,590
CISA KEV
41
Known Exploits
8.8
Avg CVSS Score
Showing 12 of 12 CVEs matching "QNAP" · HIGH · CISA KEV
QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.
Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.
QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.
QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.
QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.
QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.
A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.
A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands.
A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.
QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution.
QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.
QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.