Synology

329 tracked vulnerabilities.

CVE-2024-10444 HIGH
Synology DiskStation Manager < 7.1.1-42962-8 - Improper Certificate Validation in LDAP Utilities
Mar 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-10441 CRITICAL
Synology BeeStation OS <1.1-65374 & DSM <7.2-64570-4, 7.2.1-69057-6...
Mar 19, 2025
CVSS 9.8
EPSS 0.02
CVE-2024-47266 LOW
Synology Active Backup <2.7.1-3234 - Path Traversal
Feb 13, 2025
CVSS 2.7
EPSS 0.00
CVE-2024-47265 MEDIUM
Synology Active Backup <2.7.1-3234 - Path Traversal
Feb 13, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-47264 MEDIUM
Synology Active Backup for Business <2.7.1-3234 - Path Traversal
Feb 13, 2025
CVSS 4.9
EPSS 0.01
CVE-2024-4464 HIGH
Synology Media Server <2.2.0-3325 - Auth Bypass
Dec 18, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-53285 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Stored Cross-Site Scripting in DDNS Record Functionality
Dec 09, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-53284 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Cross-Site Scripting in WiFi Connect Setting
Dec 09, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-53283 MEDIUM
Synology Router Manager < 1.3.1-9346-10 - Authenticated Cross-Site Scripting in Port Forward Functionality
Dec 09, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-53282 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Cross-Site Scripting in WiFi Connect MAC Filter
Dec 09, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-53281 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Cross-Site Scripting in Network WOL Functionality
Dec 09, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-53280 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Cross-Site Scripting in Network Center Policy Route
Dec 09, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-53279 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Cross-Site Scripting in File Station
Dec 09, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-11398 HIGH
Synology Router Manager <1.3.1-9346-9 - Path Traversal
Dec 04, 2024
CVSS 8.1
EPSS 0.03
CVE-2024-10443 CRITICAL NUCLEI
Synology Photos < 1.6.2-0720 and BeePhotos < 1.1.0-10053 - OS Command Injection in Task Manager
Nov 15, 2024
CVSS 9.8
EPSS 0.76
CVE-2024-39350 HIGH
Synology BC500 and TC500 Firmware < 1.0.7-0298 - Authentication Bypass via RTSP Spoofing
Jun 28, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-39348 HIGH
Synology Router Manager < 1.2.5-8227 - Remote Code Execution via AirPrint Functionality
Jun 28, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-39347 MEDIUM
Synology Router Manager 1.2-1.2.5-8227 - Incorrect Default Permissions in Firewall Functionality
Jun 28, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-39352 MEDIUM
Synology BC500 and TC500 Firmware < 1.0.7-0298 - Authenticated Firmware Integrity Check Bypass
Jun 28, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-39351 HIGH
Synology BC500 and TC500 Firmware < 1.0.7-0298 - Authenticated OS Command Injection via NTP Configuration
Jun 28, 2024
CVSS 7.2
EPSS 0.01
CVE-2024-39349 CRITICAL
Synology BC500 and TC500 Firmware < 1.0.7-0298 - Remote Code Execution via Buffer Overflow in libjansson
Jun 28, 2024
CVSS 9.8
EPSS 0.04
CVE-2024-5463 MEDIUM
Synology BC500 and TC500 Firmware < 1.1.1-0383 - Classic Buffer Overflow in Login Component
Jun 04, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-29241 CRITICAL
Synology Surveillance Station < 9.2.0-9289 - Authenticated Missing Authorization in System WebAPI
Mar 28, 2024
CVSS 9.9
EPSS 0.01
CVE-2024-29240 MEDIUM
Synology Surveillance Station <9.2.0-11289,9.2.0-9289 - DoS
Mar 28, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-29239 MEDIUM
Synology Surveillance Station <9.2.0-11289,9.2.0-9289 - SQL Injection
Mar 28, 2024
CVSS 5.4
EPSS 0.00