Filtered by vendor Synology
Total: 324 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10442 | 2 Syncology, Synology | 5 Replication Service, Diskstation Manager, Diskstation Manager Unified Controller and 2 more | 2026-01-16 | 10 Critical |
| Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors. | ||||
| CVE-2024-50630 | 1 Synology | 1 Drive Server | 2026-01-16 | 7.5 High |
| Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors. | ||||
| CVE-2024-50631 | 1 Synology | 1 Drive Server | 2026-01-16 | 7.5 High |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via unspecified vectors. | ||||
| CVE-2024-45538 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-12-05 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2024-45539 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-12-05 | 7.5 High |
| Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. | ||||
| CVE-2024-5401 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-12-05 | 4.3 Medium |
| Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges without consent via unspecified vectors. | ||||
| CVE-2025-29843 | 1 Synology | 2 File Station, Router Manager | 2025-12-05 | 5.4 Medium |
| A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files. | ||||
| CVE-2025-29844 | 1 Synology | 2 File Station, Router Manager | 2025-12-05 | 4.3 Medium |
| A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information. | ||||
| CVE-2025-29845 | 1 Synology | 1 Router Manager | 2025-12-05 | 4.3 Medium |
| A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files. | ||||
| CVE-2025-29846 | 1 Synology | 1 Router Manager | 2025-12-05 | 7.2 High |
| A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages. | ||||
| CVE-2025-54160 | 1 Synology | 1 Beedrive For Desktop | 2025-12-04 | 7.8 High |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2025-54159 | 1 Synology | 1 Beedrive For Desktop | 2025-12-04 | 7.5 High |
| Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers to delete arbitrary files via unspecified vectors. | ||||
| CVE-2025-54158 | 1 Synology | 1 Beedrive For Desktop | 2025-12-04 | 7.8 High |
| Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2025-8074 | 1 Synology | 1 Beedrive For Desktop | 2025-12-04 | 5.6 Medium |
| Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors. | ||||
| CVE-2025-2848 | 1 Synology | 1 Mail Server | 2025-12-04 | 6.3 Medium |
| A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions. | ||||
| CVE-2025-1021 | 1 Synology | 1 Diskstation Manager | 2025-11-17 | 7.5 High |
| Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2024-10441 | 1 Synology | 2 Beestation Os, Diskstation Manager | 2025-11-17 | 9.8 Critical |
| Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2024-10444 | 1 Synology | 1 Diskstation Manager | 2025-11-17 | 7.5 High |
| Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2024-10445 | 1 Synology | 2 Beestation Os, Diskstation Manager | 2025-11-17 | 4.3 Medium |
| Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to write limited files via unspecified vectors. | ||||
| CVE-2024-50629 | 1 Synology | 2 Beestation Os, Diskstation Manager | 2025-11-17 | 5.3 Medium |
| Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to read limited files via unspecified vectors. | ||||