synology

329 tracked vulnerabilities.

CVE-2026-3091 MEDIUM
Synology Presto Client <2.1.3-0672 - DLL Hijacking
Feb 24, 2026
CVSS 6.7
EPSS 0.00
CVE-2025-8074 MEDIUM
Synology BeeDrive < 1.4.3-13973 - Arbitrary File Write via Origin Validation Error
Dec 04, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-54160 HIGH
Synology BeeDrive < 1.4.2-13960 - Local Arbitrary Code Execution via Path Traversal
Dec 04, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-54159 HIGH
Synology BeeDrive < 1.4.2-13960 - Unauthenticated Arbitrary File Deletion
Dec 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54158 HIGH
Synology BeeDrive < 1.4.2-13960 - Unauthenticated Arbitrary Code Execution
Dec 04, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-2848 MEDIUM
Synology Mail Server < 1.7.6-10676 - Authenticated Missing Authorization
Dec 04, 2025
CVSS 6.3
EPSS 0.01
CVE-2025-29846 HIGH
Synology Router Manager 1.3-1.3.1-9346 - Authenticated Path Traversal via Portenable CGI
Dec 04, 2025
CVSS 7.2
EPSS 0.01
CVE-2025-29845 MEDIUM
Synology Router Manager 1.3-1.3.1-9346 - Authenticated Path Traversal via VideoPlayer2 Subtitle CGI
Dec 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-29844 MEDIUM
Synology Router Manager - Information Disclosure via FileStation File CGI
Dec 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-29843 MEDIUM
FileStation <thumb cgi - Info Disclosure
Dec 04, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-4679 MEDIUM
Synology Active Backup for Microsoft 365 - Info Disclosure
May 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1021 HIGH
Synology DiskStation Manager < 7.1.1-42962-8 - Unauthenticated Arbitrary File Read via synocopy
Apr 23, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-5401 MEDIUM
Synology DSM <7.1.1-42962-8, <7.2.1-69057-2, <7.2.2-72806 - Privile...
Dec 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-45539 HIGH
Synology DSM <7.2.1-69057-2,7.2.2-72806 - DoS
Dec 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-45538 CRITICAL
Synology DSM <7.2.1-69057-2,7.2.2-72806 & DSMUC <3.1.4-23079 - CSRF
Dec 04, 2025
CVSS 9.6
EPSS 0.00
CVE-2024-13987 MEDIUM
Synology RADIUS Server < 3.0.27-0453 - Authenticated Cross-Site Scripting
Aug 29, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-53288 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Stored Cross-Site Scripting in NTP Region Functionality
Jul 23, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-53287 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Stored Cross-Site Scripting in VPN Setting
Jul 23, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-53286 HIGH
Synology Router Manager < 1.3.1-9346 - Authenticated OS Command Injection in DDNS Record Functionality
Jul 23, 2025
CVSS 7.2
EPSS 0.01
CVE-2024-50631 HIGH
Synology Drive Server < 3.0.4-12699 - SQL Injection in System Syncing Daemon
Mar 19, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-50630 HIGH
Synology Drive Server < 3.0.4-12699 - Unauthenticated Administrator Credential Exposure via WebAPI
Mar 19, 2025
CVSS 7.5
EPSS 0.03
CVE-2024-50629 MEDIUM
Synology BeeStation OS <1.1-65374 & DSM <7.1.1-42962-7,7.2-64570-4,...
Mar 19, 2025
CVSS 5.3
EPSS 0.03
CVE-2024-11131 CRITICAL
Synology BC500/CC400W/TC500 Firmware < 1.2.0-0525 - Out-of-bounds Read in Video Interface
Mar 19, 2025
CVSS 9.8
EPSS 0.06
CVE-2024-10442 CRITICAL
Synology Replication Service <1.0.12-0066, 1.2.2-0353, 1.3.0-0423 -...
Mar 19, 2025
CVSS 10.0
EPSS 0.15
CVE-2024-10445 MEDIUM
Synology BeeStation OS < 1.1-65374 and DiskStation Manager < 6.2.4-25556-8 - Improper Certificate Validation
Mar 19, 2025
CVSS 4.3
EPSS 0.00
Products
diskstation_manager 96 router_manager 59 photo_station 33 vs960hd_firmware 22 diskstation_manager_unified_controller 20 surveillance_station 19 skynas 16 Synology Photo Station 13 skynas_firmware 13 calendar 11 bc500_firmware 9 tc500_firmware 9 download_station 8 active_backup_for_business_agent 7 drive_client 6 drive_server 6 media_server 6 video_station 6 dns_server 5 note_station 5 Photo Station 4 audio_station 4 beedrive 4 directory_server 4 radius_server 4 beestation_os 3 carddav_server 3 chat 3 file_station 3 mailplus_server 3
Quick Filters
Critical CVEs With Exploits In CISA KEV