synology

352 tracked vulnerabilities.

CVE-2024-47271 MEDIUM
Synology Surveillance Station - Insufficiently Protected Credentials
May 27, 2026
CVSS 4.9
EPSS 0.00
CVE-2024-47270 LOW
Synology Surveillance Station - Improper Preservation of Permissions
May 27, 2026
CVSS 2.7
EPSS 0.00
CVE-2024-47269 MEDIUM
Synology Surveillance Station - Cleartext Transmission of Sensitive Information
May 27, 2026
CVSS 4.9
EPSS 0.00
CVE-2024-47268 MEDIUM
Synology Surveillance Station - Missing Authorization
May 27, 2026
CVSS 4.9
EPSS 0.00
CVE-2024-47267 LOW
Synology Surveillance Station - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
May 27, 2026
CVSS 2.7
EPSS 0.00
CVE-2024-11399 MEDIUM
Synology BeeDrive For Desktop < 1.3.2-13814 - Files or Directories Accessible to External Parties
May 27, 2026
CVSS 6.8
EPSS 0.00
CVE-2024-5401 MEDIUM
Synology DSM <7.1.1-42962-8, <7.2.1-69057-2, <7.2.2-72806 - Privile...
Dec 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-45539 HIGH
Synology DSM <7.2.1-69057-2,7.2.2-72806 - DoS
Dec 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-45538 CRITICAL
Synology DSM <7.2.1-69057-2,7.2.2-72806 & DSMUC <3.1.4-23079 - CSRF
Dec 04, 2025
CVSS 9.6
EPSS 0.00
CVE-2024-13987 MEDIUM
Synology RADIUS Server < 3.0.27-0453 - Authenticated Cross-Site Scripting
Aug 29, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-53288 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Stored Cross-Site Scripting in NTP Region Functionality
Jul 23, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-53287 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Stored Cross-Site Scripting in VPN Setting
Jul 23, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-53286 HIGH
Synology Router Manager < 1.3.1-9346 - Authenticated OS Command Injection in DDNS Record Functionality
Jul 23, 2025
CVSS 7.2
EPSS 0.01
CVE-2024-50631 HIGH
Synology Drive Server < 3.0.4-12699 - SQL Injection in System Syncing Daemon
Mar 19, 2025
CVSS 7.5
EPSS 0.25
CVE-2024-50630 HIGH
Synology Drive Server < 3.0.4-12699 - Unauthenticated Administrator Credential Exposure via WebAPI
Mar 19, 2025
CVSS 7.5
EPSS 0.23
CVE-2024-50629 MEDIUM
Synology BeeStation OS <1.1-65374 & DSM <7.1.1-42962-7,7.2-64570-4,...
Mar 19, 2025
CVSS 5.3
EPSS 0.27
CVE-2024-11131 CRITICAL
Synology BC500/CC400W/TC500 Firmware < 1.2.0-0525 - Out-of-bounds Read in Video Interface
Mar 19, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-10442 CRITICAL
Synology Replication Service <1.0.12-0066, 1.2.2-0353, 1.3.0-0423 -...
Mar 19, 2025
CVSS 10.0
EPSS 0.01
CVE-2024-10445 MEDIUM
Synology BeeStation OS < 1.1-65374 and DiskStation Manager < 6.2.4-25556-8 - Improper Certificate Validation
Mar 19, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-10444 HIGH
Synology DiskStation Manager < 7.1.1-42962-8 - Improper Certificate Validation in LDAP Utilities
Mar 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-10441 CRITICAL
Synology BeeStation OS <1.1-65374 & DSM <7.2-64570-4, 7.2.1-69057-6...
Mar 19, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-47266 LOW
Synology Active Backup <2.7.1-3234 - Path Traversal
Feb 13, 2025
CVSS 2.7
EPSS 0.00
CVE-2024-47265 MEDIUM
Synology Active Backup <2.7.1-3234 - Path Traversal
Feb 13, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-47264 MEDIUM
Synology Active Backup for Business <2.7.1-3234 - Path Traversal
Feb 13, 2025
CVSS 4.9
EPSS 0.01
CVE-2024-4464 HIGH
Synology Media Server <2.2.0-3325 - Auth Bypass
Dec 18, 2024
CVSS 7.5
EPSS 0.01