Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-52431

Summary
Assigner-qnap
Assigner Org ID-2fd009eb-170a-4625-932b-17a53af1051f
Published At-02 Jan, 2026 | 14:53
Updated At-02 Jan, 2026 | 19:23
Rejected At-
Credits

QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qnap
Assigner Org ID:2fd009eb-170a-4625-932b-17a53af1051f
Published At:02 Jan, 2026 | 14:53
Updated At:02 Jan, 2026 | 19:23
Rejected At:
â–¼CVE Numbering Authority (CNA)
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

Affected Products
Vendor
QNAP Systems, Inc.QNAP Systems Inc.
Product
QTS
Default Status
unaffected
Versions
Affected
  • From 5.2.x before 5.2.7.3256 build 20250913 (custom)
Vendor
QNAP Systems, Inc.QNAP Systems Inc.
Product
QuTS hero
Default Status
unaffected
Versions
Affected
  • From h5.2.x before h5.2.7.3256 build 20250913 (custom)
  • From h5.3.x before h5.3.1.3250 build 20250912 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476
Type: CWE
CWE ID: CWE-476
Description: CWE-476
Metrics
VersionBase scoreBase severityVector
4.01.2LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
Version: 4.0
Base score: 1.2
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

Configurations
Workarounds
Exploits
Credits
finder
coral
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qnap.com/en/security-advisory/qsa-25-50
N/A
Hyperlink: https://www.qnap.com/en/security-advisory/qsa-25-50
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@qnapsecurity.com.tw
Published At:02 Jan, 2026 | 15:16
Updated At:05 Jan, 2026 | 20:21

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.01.2LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 1.2
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CPE Matches
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.0.2737
cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.0.2782
cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.0.2789
cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.0.2802
cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.0.2823
cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.0.2851
cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.0.2860
cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.1.2929
cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.1.2940
cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.2.2952
cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.3.3006
cpe:2.3:o:qnap:quts_hero:h5.2.3.3006:build_20250108:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.4.3070
cpe:2.3:o:qnap:quts_hero:h5.2.4.3070:build_20250312:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.4.3079
cpe:2.3:o:qnap:quts_hero:h5.2.4.3079:build_20250321:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.5.3138
cpe:2.3:o:qnap:quts_hero:h5.2.5.3138:build_20250519:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.6.3195
cpe:2.3:o:qnap:quts_hero:h5.2.6.3195:build_20250715:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.3.0.3115
cpe:2.3:o:qnap:quts_hero:h5.3.0.3115:build_20250430:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.3.0.3145
cpe:2.3:o:qnap:quts_hero:h5.3.0.3145:build_20250530:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.3.0.3192
cpe:2.3:o:qnap:quts_hero:h5.3.0.3192:build_20250716:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.0.2737
cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.0.2744
cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.0.2782
cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.0.2802
cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.0.2823
cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.0.2851
cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.0.2860
cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.1.2930
cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.2.2950
cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.3.3006
cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.4.3070
cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.4.3079
cpe:2.3:o:qnap:qts:5.2.4.3079:build_20250321:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.4.3092
cpe:2.3:o:qnap:qts:5.2.4.3092:build_20250403:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.5.3145
cpe:2.3:o:qnap:qts:5.2.5.3145:build_20250526:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.6.3195
cpe:2.3:o:qnap:qts:5.2.6.3195:build_20250715:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.6.3229
cpe:2.3:o:qnap:qts:5.2.6.3229:build_20250818:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarysecurity@qnapsecurity.com.tw
CWE ID: CWE-476
Type: Primary
Source: security@qnapsecurity.com.tw
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.qnap.com/en/security-advisory/qsa-25-50security@qnapsecurity.com.tw
Vendor Advisory
Hyperlink: https://www.qnap.com/en/security-advisory/qsa-25-50
Source: security@qnapsecurity.com.tw
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

106Records found
CVE-2025-47207
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.30%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 15:16
Updated-14 Nov, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect several product versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-44011
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.82%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:09
Updated-08 Oct, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29886
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 17:14
Updated-18 Sep, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30268
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 17:16
Updated-02 Sep, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29889
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 17:14
Updated-19 Sep, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29876
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 59.97%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 15:52
Updated-18 Jun, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30272
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.09% / 26.02%
||
7 Day CHG+0.01%
Published-29 Aug, 2025 | 17:16
Updated-02 Sep, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29879
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 17:06
Updated-18 Sep, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29877
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 59.97%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 15:52
Updated-18 Jun, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-22490
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 59.97%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 15:52
Updated-18 Jun, 2025 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30263
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 46.65%
||
7 Day CHG+0.03%
Published-29 Aug, 2025 | 17:15
Updated-19 Sep, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54148
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.3||LOW
EPSS-0.05% / 16.00%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 12:18
Updated-12 Feb, 2026 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54147
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.3||LOW
EPSS-0.05% / 16.00%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 12:18
Updated-12 Feb, 2026 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54146
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.3||LOW
EPSS-0.05% / 16.00%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 12:18
Updated-12 Feb, 2026 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53598
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-0.6||LOW
EPSS-0.05% / 16.00%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 12:18
Updated-12 Feb, 2026 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52855
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.14% / 34.10%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:11
Updated-06 Oct, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52859
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.14% / 34.10%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:12
Updated-06 Oct, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52865
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.3||LOW
EPSS-0.15% / 35.30%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 15:15
Updated-14 Nov, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52857
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.14% / 34.10%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:12
Updated-06 Oct, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52860
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.14% / 34.10%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:12
Updated-06 Oct, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52866
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.14% / 34.10%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:14
Updated-06 Oct, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-44013
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.3||LOW
EPSS-0.20% / 42.34%
||
7 Day CHG~0.00%
Published-02 Jan, 2026 | 14:52
Updated-05 Jan, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qtsquts_heroQTSQuTS hero
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-44010
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.82%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:09
Updated-08 Oct, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-44008
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.82%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:09
Updated-08 Oct, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-44009
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.82%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:09
Updated-08 Oct, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-48722
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.3||LOW
EPSS-0.05% / 16.00%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 12:19
Updated-11 Feb, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-47210
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.82%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:09
Updated-08 Oct, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29878
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 17:06
Updated-18 Sep, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29873
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 59.97%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 15:52
Updated-18 Jun, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29874
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 17:04
Updated-18 Sep, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29888
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 17:14
Updated-19 Sep, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30266
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-0.6||LOW
EPSS-0.05% / 16.00%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 12:20
Updated-11 Feb, 2026 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-51368
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 40.31%
||
7 Day CHG~0.00%
Published-06 Sep, 2024 | 16:26
Updated-11 Sep, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29875
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-7.1||HIGH
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 17:05
Updated-18 Sep, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30262
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 17:15
Updated-19 Sep, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30274
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.09% / 26.02%
||
7 Day CHG+0.01%
Published-29 Aug, 2025 | 17:16
Updated-02 Sep, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30267
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 17:16
Updated-22 Sep, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29882
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 17:14
Updated-22 Sep, 2025 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30275
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 17:16
Updated-19 Sep, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29901
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-7.1||HIGH
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 09:35
Updated-15 Sep, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4933 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-11845
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.14% / 33.61%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 01:30
Updated-25 Feb, 2026 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-dx4510-b0_firmwareex5601-t1_firmwareex5510-b0ex5512-t0vmg4005-b50aax7501-b1_firmwarenebula_fwa510_firmwaregm4100-b0_firmwareex7501-b0_firmwarepm5100-t1dx3300-t1_firmwareex3510-b1nebula_lte3301-pluspm5100-t0_firmwarewx3401-b1_firmwarevmg3625-t50bpx3321-t1ex3501-t0_firmwarenebula_fwa505_firmwareex7710-b0_firmwaredx4510-b0nebula_fwa505nebula_lte3301-plus_firmwareee5301-00vmg4005-b60a_firmwareemg3525-t50b_firmwarepm3100-t0pm7300-t0_firmwareee3301-00pe3301-00dx5401-b1ex2210-t0_firmwaregm4100-b0px5301-t0ex5401-b1_firmwareemg3525-t50bex5510-b0_firmwarewx3100-t0dx5401-b1_firmwareex5601-t1ee3301-00_firmwarepm7300-t0pe5301-01lte3301-plus_firmwareex2210-t0wx5610-b0_firmwarevmg8623-t50b_firmwarenebula_fwa710_firmwarewx3401-b1wx5610-b0dx3301-t0ex3301-t0ex3510-b0pm7500-00_firmwarenebula_fwa515_firmwareee5301-00_firmwareex7501-b0ex5401-b1wx5600-t0_firmwarepm5100-t1_firmwareee6510-10ex3510-b1_firmwareex3500-t0ex3600-t0px5301-t0_firmwareex3300-t1_firmwaredx4510-b1scr_50axedx3301-t0_firmwareex3500-t0_firmwarevmg3625-t50b_firmwarepm7500-00vmg4005-b50a_firmwarevmg8623-t50bex5601-t0_firmwarewe3300-00_firmwarenebula_fwa515scr_50axe_firmwareex3301-t0_firmwarenebula_fwa710dx3300-t0ee6510-10_firmwarevmg4005-b60aex5601-t0dx3300-t1ex3510-b0_firmwareex7710-b0wx3100-t0_firmwareex3300-t0ex3300-t1nebula_fwa510we3300-00ex5512-t0_firmwarepm5100-t0wx5600-t0ex3300-t0_firmwareemg5523-t50b_firmwarepx3321-t1_firmwaredx4510-b1_firmwareex3501-t0pe5301-01_firmwareex3600-t0_firmwareax7501-b1lte3301-plusdx3300-t0_firmwarepe3301-00_firmwareemg5523-t50bpm3100-t0_firmwareVMG3625-T50B firmwareWX3100-T0 firmware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19269
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-1.03% / 77.62%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:34
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

Action-Not Available
Vendor-proftpdn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedoraproftpdn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-11847
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.04% / 12.63%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 02:09
Updated-25 Feb, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-dx4510-b0_firmwareex5601-t1_firmwareex5510-b0ex5512-t0vmg4005-b50aax7501-b1_firmwarenebula_fwa510_firmwaregm4100-b0_firmwareex7501-b0_firmwarepm5100-t1dx3300-t1_firmwareex3510-b1nebula_lte3301-pluspm5100-t0_firmwarewx3401-b1_firmwarevmg3625-t50bpx3321-t1ex3501-t0_firmwarenebula_fwa505_firmwareex7710-b0_firmwaredx4510-b0nebula_fwa505nebula_lte3301-plus_firmwareee5301-00vmg4005-b60a_firmwareemg3525-t50b_firmwarepm3100-t0pm7300-t0_firmwareee3301-00pe3301-00dx5401-b1ex2210-t0_firmwaregm4100-b0px5301-t0ex5401-b1_firmwareemg3525-t50bex5510-b0_firmwarewx3100-t0dx5401-b1_firmwareex5601-t1ee3301-00_firmwarepm7300-t0pe5301-01lte3301-plus_firmwareex2210-t0wx5610-b0_firmwarevmg8623-t50b_firmwarenebula_fwa710_firmwarewx3401-b1wx5610-b0dx3301-t0ex3301-t0ex3510-b0pm7500-00_firmwarenebula_fwa515_firmwareee5301-00_firmwareex7501-b0ex5401-b1wx5600-t0_firmwarepm5100-t1_firmwareee6510-10ex3510-b1_firmwareex3500-t0ex3600-t0px5301-t0_firmwareex3300-t1_firmwaredx4510-b1scr_50axedx3301-t0_firmwareex3500-t0_firmwarevmg3625-t50b_firmwarepm7500-00vmg4005-b50a_firmwarevmg8623-t50bex5601-t0_firmwarewe3300-00_firmwarenebula_fwa515scr_50axe_firmwareex3301-t0_firmwarenebula_fwa710dx3300-t0ee6510-10_firmwarevmg4005-b60aex5601-t0dx3300-t1ex3510-b0_firmwareex7710-b0wx3100-t0_firmwareex3300-t0ex3300-t1nebula_fwa510we3300-00ex5512-t0_firmwarepm5100-t0wx5600-t0ex3300-t0_firmwareemg5523-t50b_firmwarepx3321-t1_firmwaredx4510-b1_firmwareex3501-t0pe5301-01_firmwareex3600-t0_firmwareax7501-b1lte3301-plusdx3300-t0_firmwarepe3301-00_firmwareemg5523-t50bpm3100-t0_firmwareVMG3625-T50B firmwareWX3100-T0 firmware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-11848
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.04% / 12.63%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 02:14
Updated-25 Feb, 2026 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-dx4510-b0_firmwareex5601-t1_firmwareex5510-b0ex5512-t0vmg4005-b50aax7501-b1_firmwaregm4100-b0_firmwareex7501-b0_firmwarepm5100-t1dx3300-t1_firmwareex3510-b1pm5100-t0_firmwarewx3401-b1_firmwarevmg3625-t50bpx3321-t1ex3501-t0_firmwareex7710-b0_firmwaredx4510-b0ee5301-00vmg4005-b60a_firmwareemg3525-t50b_firmwarepm3100-t0pm7300-t0_firmwareee3301-00pe3301-00dx5401-b1ex2210-t0_firmwaregm4100-b0px5301-t0ex5401-b1_firmwareemg3525-t50bex5510-b0_firmwarewx3100-t0dx5401-b1_firmwareex5601-t1ee3301-00_firmwarepm7300-t0pe5301-01ex2210-t0wx5610-b0_firmwarevmg8623-t50b_firmwarewx3401-b1wx5610-b0dx3301-t0ex3301-t0ex3510-b0pm7500-00_firmwareee5301-00_firmwareex7501-b0ex5401-b1wx5600-t0_firmwarepm5100-t1_firmwareee6510-10ex3510-b1_firmwareex3500-t0ex3600-t0px5301-t0_firmwareex3300-t1_firmwaredx4510-b1scr_50axedx3301-t0_firmwareex3500-t0_firmwarevmg3625-t50b_firmwarepm7500-00vmg4005-b50a_firmwarevmg8623-t50bex5601-t0_firmwarewe3300-00_firmwarescr_50axe_firmwareex3301-t0_firmwarevmg4005-b60adx3300-t0ee6510-10_firmwareex5601-t0dx3300-t1ex3510-b0_firmwareex7710-b0wx3100-t0_firmwareex3300-t0ex3300-t1we3300-00ex5512-t0_firmwarepm5100-t0wx5600-t0ex3300-t0_firmwareemg5523-t50b_firmwarepx3321-t1_firmwaredx4510-b1_firmwareex3501-t0pe5301-01_firmwareex3600-t0_firmwareax7501-b1dx3300-t0_firmwarepe3301-00_firmwareemg5523-t50bpm3100-t0_firmwareVMG3625-T50B firmwareWX3100-T0 firmware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14847
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-2.43% / 85.41%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 00:00
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.

Action-Not Available
Vendor-openSUSEFedora ProjectSamba
Product-fedorasambaleapsamba
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-11846
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.13% / 31.90%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 01:37
Updated-25 Feb, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-dx4510-b0_firmwareex5601-t1_firmwareex5510-b0ex5512-t0vmg4005-b50aax7501-b1_firmwarenebula_fwa510_firmwaregm4100-b0_firmwareex7501-b0_firmwarepm5100-t1dx3300-t1_firmwareex3510-b1nebula_lte3301-pluspm5100-t0_firmwarewx3401-b1_firmwarevmg3625-t50bpx3321-t1ex3501-t0_firmwarenebula_fwa505_firmwareex7710-b0_firmwaredx4510-b0nebula_fwa505nebula_lte3301-plus_firmwareee5301-00vmg4005-b60a_firmwareemg3525-t50b_firmwarepm3100-t0pm7300-t0_firmwareee3301-00pe3301-00dx5401-b1ex2210-t0_firmwaregm4100-b0px5301-t0ex5401-b1_firmwareemg3525-t50bex5510-b0_firmwarewx3100-t0dx5401-b1_firmwareex5601-t1ee3301-00_firmwarepm7300-t0pe5301-01lte3301-plus_firmwareex2210-t0wx5610-b0_firmwarevmg8623-t50b_firmwarenebula_fwa710_firmwarewx3401-b1wx5610-b0dx3301-t0ex3301-t0ex3510-b0pm7500-00_firmwarenebula_fwa515_firmwareee5301-00_firmwareex7501-b0ex5401-b1wx5600-t0_firmwarepm5100-t1_firmwareee6510-10ex3510-b1_firmwareex3500-t0ex3600-t0px5301-t0_firmwareex3300-t1_firmwaredx4510-b1scr_50axedx3301-t0_firmwareex3500-t0_firmwarevmg3625-t50b_firmwarepm7500-00vmg4005-b50a_firmwarevmg8623-t50bex5601-t0_firmwarewe3300-00_firmwarenebula_fwa515scr_50axe_firmwareex3301-t0_firmwarenebula_fwa710dx3300-t0ee6510-10_firmwarevmg4005-b60aex5601-t0dx3300-t1ex3510-b0_firmwareex7710-b0wx3100-t0_firmwareex3300-t0ex3300-t1nebula_fwa510we3300-00ex5512-t0_firmwarepm5100-t0wx5600-t0ex3300-t0_firmwareemg5523-t50b_firmwarepx3321-t1_firmwaredx4510-b1_firmwareex3501-t0pe5301-01_firmwareex3600-t0_firmwareax7501-b1lte3301-plusdx3300-t0_firmwarepe3301-00_firmwareemg5523-t50bpm3100-t0_firmwareVMG3625-T50B firmwareWX3100-T0 firmware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-0845
Matching Score-4
Assigner-HashiCorp Inc.
ShareView Details
Matching Score-4
Assigner-HashiCorp Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.39% / 60.32%
||
7 Day CHG~0.00%
Published-09 Mar, 2023 | 15:14
Updated-28 Feb, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Consul Server Panic when Ingress and API Gateways Configured with Peering

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.

Action-Not Available
Vendor-HashiCorp, Inc.
Product-consulConsul EnterpriseConsul
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-33601
Matching Score-4
Assigner-Open-Xchange
ShareView Details
Matching Score-4
Assigner-Open-Xchange
CVSS Score-4.4||MEDIUM
EPSS-0.00% / 0.09%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 09:37
Updated-27 Apr, 2026 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient validation of zonemd record

If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.

Action-Not Available
Vendor-powerdnsPowerDNS
Product-recursorRecursor
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-33600
Matching Score-4
Assigner-Open-Xchange
ShareView Details
Matching Score-4
Assigner-Open-Xchange
CVSS Score-4.4||MEDIUM
EPSS-0.00% / 0.09%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 09:33
Updated-27 Apr, 2026 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null pointer dereference in RPZ transfer

An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.

Action-Not Available
Vendor-powerdnsPowerDNS
Product-recursorRecursor
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-0401
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.36% / 58.04%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 14:55
Updated-26 Feb, 2026 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz370tz480nssp_15700tz570tz270tz80nsa_4700tz470wnsa_2800nsa_3700tz670tz470nssp_13700nssp_10700nsa_5700nsa_2700nsv470tz570wnsa_4800tz680tz270wnsa_6700nsv870nsv270nsa_5800tz580tz280sonicostz570pnsa_3800tz380nssp_11700tz370wSonicOS
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found