Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.5

    CRITICAL
    CVE-2024-48860

    An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.3... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 7.9

    HIGH
    CVE-2024-38647

    An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following v... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 8.4

    HIGH
    CVE-2024-38646

    An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resour... Read more

    Affected Products : notes_station_3
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 9.4

    CRITICAL
    CVE-2024-38645

    A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data. We have already fixed the vulnerability in the following ... Read more

    Affected Products : notes_station_3
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 8.7

    HIGH
    CVE-2024-38644

    An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands. We have already fixed the vulnerability in the following version: Notes Sta... Read more

    Affected Products : notes_station_3
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 9.3

    CRITICAL
    CVE-2024-38643

    A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerabilit... Read more

    Affected Products : notes_station_3
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 5.1

    MEDIUM
    CVE-2024-37050

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have alre... Read more

    Affected Products : quts_hero qts
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 5.1

    MEDIUM
    CVE-2024-37049

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have alre... Read more

    Affected Products : quts_hero qts
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 5.1

    MEDIUM
    CVE-2024-37048

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We ... Read more

    Affected Products : quts_hero qts
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 5.1

    MEDIUM
    CVE-2024-37047

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have alre... Read more

    Affected Products : quts_hero qts
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 2.1

    LOW
    CVE-2024-37046

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensit... Read more

    Affected Products : quts_hero qts
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 5.1

    MEDIUM
    CVE-2024-37045

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We ... Read more

    Affected Products : quts_hero qts
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 5.1

    MEDIUM
    CVE-2024-37044

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have alre... Read more

    Affected Products : quts_hero qts
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 5.1

    MEDIUM
    CVE-2024-37043

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensit... Read more

    Affected Products : quts_hero qts
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 5.1

    MEDIUM
    CVE-2024-37042

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We ... Read more

    Affected Products : quts_hero qts
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 5.1

    MEDIUM
    CVE-2024-37041

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have alre... Read more

    Affected Products : quts_hero qts
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 6.3

    MEDIUM
    CVE-2024-32770

    A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the follow... Read more

    Affected Products : photo_station
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 6.3

    MEDIUM
    CVE-2024-32769

    A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the follow... Read more

    Affected Products : photo_station
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 6.3

    MEDIUM
    CVE-2024-32768

    A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the follow... Read more

    Affected Products : photo_station
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 6.3

    MEDIUM
    CVE-2024-32767

    A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the follow... Read more

    Affected Products : photo_station
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024
Showing 20 of 291269 Results