synology
352 tracked vulnerabilities.
CVE-2026-2237
MEDIUM
Synology Storage Manager < 1.0.1-1100 - Use of HTTP Request With Sensitive Query String
May 27, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-3091
MEDIUM
Synology Presto Client <2.1.3-0672 - DLL Hijacking
Feb 24, 2026
CVSS 6.7
EPSS 0.00
CVE-2025-66593
MEDIUM
Synology Assistant < 7.0.6-50085 - Origin Validation Error
May 27, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-66592
MEDIUM
Synology Active Backup For Business Agent < 3.1.0-4967 - Origin Validation Error
May 27, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-30028
HIGH
Synology Active Backup For Business - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
May 27, 2026
CVSS 8.6
EPSS 0.00
CVE-2025-14713
HIGH
Synology C2 Identity Edge Server < 1.76.0-0307 - Exposed Dangerous Method or Function
May 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-13593
MEDIUM
Synology ActiveProtect Agent < 1.1.0-0439 - Origin Validation Error
May 27, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-13392
HIGH
Synology DiskStation Manager (dsm) - Improper Check for Unusual or Exceptional Conditions
May 27, 2026
CVSS 8.1
EPSS 0.01
CVE-2025-13167
MEDIUM
Synology Contacts < 1.0.10-20659 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
May 27, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-12686
CRITICAL
Synology BeeStation Manager (bsm) - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
May 27, 2026
CVSS 9.8
EPSS 0.03
CVE-2025-10466
MEDIUM
Synology Safe Access < 1.3.1-0329 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
May 27, 2026
CVSS 5.9
EPSS 0.00
CVE-2025-8074
MEDIUM
Synology BeeDrive < 1.4.3-13973 - Arbitrary File Write via Origin Validation Error
Dec 04, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-54160
HIGH
Synology BeeDrive < 1.4.2-13960 - Local Arbitrary Code Execution via Path Traversal
Dec 04, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-54159
HIGH
Synology BeeDrive < 1.4.2-13960 - Unauthenticated Arbitrary File Deletion
Dec 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54158
HIGH
Synology BeeDrive < 1.4.2-13960 - Unauthenticated Arbitrary Code Execution
Dec 04, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-2848
MEDIUM
Synology Mail Server < 1.7.6-10676 - Authenticated Missing Authorization
Dec 04, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-29846
HIGH
Synology Router Manager 1.3-1.3.1-9346 - Authenticated Path Traversal via Portenable CGI
Dec 04, 2025
CVSS 7.2
EPSS 0.01
CVE-2025-29845
MEDIUM
Synology Router Manager 1.3-1.3.1-9346 - Authenticated Path Traversal via VideoPlayer2 Subtitle CGI
Dec 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-29844
MEDIUM
Synology Router Manager - Information Disclosure via FileStation File CGI
Dec 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-29843
MEDIUM
FileStation <thumb cgi - Info Disclosure
Dec 04, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-4679
MEDIUM
Synology Active Backup for Microsoft 365 - Info Disclosure
May 16, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-1021
HIGH
Synology DiskStation Manager < 7.1.1-42962-8 - Unauthenticated Arbitrary File Read via synocopy
Apr 23, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-47273
MEDIUM
Synology Hyper Backup < 4.1.2-4036 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Jun 03, 2026
CVSS 4.3
EPSS 0.00
CVE-2024-47263
MEDIUM
Synology Hyper Backup < 4.1.2-4036 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Jun 03, 2026
CVSS 4.1
EPSS 0.00
CVE-2024-47272
LOW
Synology Surveillance Station - Incorrect Authorization
May 27, 2026
CVSS 2.7
EPSS 0.00
Products
diskstation_manager 97
router_manager 59
photo_station 33
surveillance_station 25
vs960hd_firmware 22
diskstation_manager_unified_controller 20
skynas 16
Synology Photo Station 13
skynas_firmware 13
calendar 11
bc500_firmware 9
tc500_firmware 9
active_backup_for_business_agent 8
download_station 8
Surveillance Station 6
beedrive 6
drive_client 6
drive_server 6
media_server 6
video_station 6
dns_server 5
note_station 5
ssl_vpn_client 5
Photo Station 4
audio_station 4
beestation_os 4
directory_server 4
radius_server 4
DiskStation Manager (DSM) 3
carddav_server 3
Quick Filters