synology

352 tracked vulnerabilities.

CVE-2026-2237 MEDIUM
Synology Storage Manager < 1.0.1-1100 - Use of HTTP Request With Sensitive Query String
May 27, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-3091 MEDIUM
Synology Presto Client <2.1.3-0672 - DLL Hijacking
Feb 24, 2026
CVSS 6.7
EPSS 0.00
CVE-2025-66593 MEDIUM
Synology Assistant < 7.0.6-50085 - Origin Validation Error
May 27, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-66592 MEDIUM
Synology Active Backup For Business Agent < 3.1.0-4967 - Origin Validation Error
May 27, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-30028 HIGH
Synology Active Backup For Business - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
May 27, 2026
CVSS 8.6
EPSS 0.00
CVE-2025-14713 HIGH
Synology C2 Identity Edge Server < 1.76.0-0307 - Exposed Dangerous Method or Function
May 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-13593 MEDIUM
Synology ActiveProtect Agent < 1.1.0-0439 - Origin Validation Error
May 27, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-13392 HIGH
Synology DiskStation Manager (dsm) - Improper Check for Unusual or Exceptional Conditions
May 27, 2026
CVSS 8.1
EPSS 0.01
CVE-2025-13167 MEDIUM
Synology Contacts < 1.0.10-20659 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
May 27, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-12686 CRITICAL
Synology BeeStation Manager (bsm) - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
May 27, 2026
CVSS 9.8
EPSS 0.03
CVE-2025-10466 MEDIUM
Synology Safe Access < 1.3.1-0329 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
May 27, 2026
CVSS 5.9
EPSS 0.00
CVE-2025-8074 MEDIUM
Synology BeeDrive < 1.4.3-13973 - Arbitrary File Write via Origin Validation Error
Dec 04, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-54160 HIGH
Synology BeeDrive < 1.4.2-13960 - Local Arbitrary Code Execution via Path Traversal
Dec 04, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-54159 HIGH
Synology BeeDrive < 1.4.2-13960 - Unauthenticated Arbitrary File Deletion
Dec 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54158 HIGH
Synology BeeDrive < 1.4.2-13960 - Unauthenticated Arbitrary Code Execution
Dec 04, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-2848 MEDIUM
Synology Mail Server < 1.7.6-10676 - Authenticated Missing Authorization
Dec 04, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-29846 HIGH
Synology Router Manager 1.3-1.3.1-9346 - Authenticated Path Traversal via Portenable CGI
Dec 04, 2025
CVSS 7.2
EPSS 0.01
CVE-2025-29845 MEDIUM
Synology Router Manager 1.3-1.3.1-9346 - Authenticated Path Traversal via VideoPlayer2 Subtitle CGI
Dec 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-29844 MEDIUM
Synology Router Manager - Information Disclosure via FileStation File CGI
Dec 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-29843 MEDIUM
FileStation <thumb cgi - Info Disclosure
Dec 04, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-4679 MEDIUM
Synology Active Backup for Microsoft 365 - Info Disclosure
May 16, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-1021 HIGH
Synology DiskStation Manager < 7.1.1-42962-8 - Unauthenticated Arbitrary File Read via synocopy
Apr 23, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-47273 MEDIUM
Synology Hyper Backup < 4.1.2-4036 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Jun 03, 2026
CVSS 4.3
EPSS 0.00
CVE-2024-47263 MEDIUM
Synology Hyper Backup < 4.1.2-4036 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Jun 03, 2026
CVSS 4.1
EPSS 0.00
CVE-2024-47272 LOW
Synology Surveillance Station - Incorrect Authorization
May 27, 2026
CVSS 2.7
EPSS 0.00