This page lists publicly disclosed CVE vulnerabilities affecting qnap qes (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-2505 | If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. | [email protected] | 2.3 | 0.29% | 2020-12-23 | 2026-06-16 |
| CVE-2020-2504 | If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. | [email protected] | 5.8 | 1.02% | 2020-12-23 | 2026-06-16 |
| CVE-2020-2503 | If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. | [email protected] | 9.0 | 0.78% | 2020-12-23 | 2026-06-16 |
| CVE-2020-2499 | A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later. | [email protected] | 6.3 | 1.36% | 2020-12-23 | 2026-06-16 |