synology
352 tracked vulnerabilities.
CVE-2024-47271
MEDIUM
Synology Surveillance Station - Insufficiently Protected Credentials
May 27, 2026
CVSS 4.9
EPSS 0.00
CVE-2024-47270
LOW
Synology Surveillance Station - Improper Preservation of Permissions
May 27, 2026
CVSS 2.7
EPSS 0.00
CVE-2024-47269
MEDIUM
Synology Surveillance Station - Cleartext Transmission of Sensitive Information
May 27, 2026
CVSS 4.9
EPSS 0.00
CVE-2024-47268
MEDIUM
Synology Surveillance Station - Missing Authorization
May 27, 2026
CVSS 4.9
EPSS 0.00
CVE-2024-47267
LOW
Synology Surveillance Station - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
May 27, 2026
CVSS 2.7
EPSS 0.00
CVE-2024-11399
MEDIUM
Synology BeeDrive For Desktop < 1.3.2-13814 - Files or Directories Accessible to External Parties
May 27, 2026
CVSS 6.8
EPSS 0.00
CVE-2024-5401
MEDIUM
Synology DSM <7.1.1-42962-8, <7.2.1-69057-2, <7.2.2-72806 - Privile...
Dec 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-45539
HIGH
Synology DSM <7.2.1-69057-2,7.2.2-72806 - DoS
Dec 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-45538
CRITICAL
Synology DSM <7.2.1-69057-2,7.2.2-72806 & DSMUC <3.1.4-23079 - CSRF
Dec 04, 2025
CVSS 9.6
EPSS 0.00
CVE-2024-13987
MEDIUM
Synology RADIUS Server < 3.0.27-0453 - Authenticated Cross-Site Scripting
Aug 29, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-53288
MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Stored Cross-Site Scripting in NTP Region Functionality
Jul 23, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-53287
MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Stored Cross-Site Scripting in VPN Setting
Jul 23, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-53286
HIGH
Synology Router Manager < 1.3.1-9346 - Authenticated OS Command Injection in DDNS Record Functionality
Jul 23, 2025
CVSS 7.2
EPSS 0.01
CVE-2024-50631
HIGH
Synology Drive Server < 3.0.4-12699 - SQL Injection in System Syncing Daemon
Mar 19, 2025
CVSS 7.5
EPSS 0.25
CVE-2024-50630
HIGH
Synology Drive Server < 3.0.4-12699 - Unauthenticated Administrator Credential Exposure via WebAPI
Mar 19, 2025
CVSS 7.5
EPSS 0.23
CVE-2024-50629
MEDIUM
Synology BeeStation OS <1.1-65374 & DSM <7.1.1-42962-7,7.2-64570-4,...
Mar 19, 2025
CVSS 5.3
EPSS 0.27
CVE-2024-11131
CRITICAL
Synology BC500/CC400W/TC500 Firmware < 1.2.0-0525 - Out-of-bounds Read in Video Interface
Mar 19, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-10442
CRITICAL
Synology Replication Service <1.0.12-0066, 1.2.2-0353, 1.3.0-0423 -...
Mar 19, 2025
CVSS 10.0
EPSS 0.01
CVE-2024-10445
MEDIUM
Synology BeeStation OS < 1.1-65374 and DiskStation Manager < 6.2.4-25556-8 - Improper Certificate Validation
Mar 19, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-10444
HIGH
Synology DiskStation Manager < 7.1.1-42962-8 - Improper Certificate Validation in LDAP Utilities
Mar 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-10441
CRITICAL
Synology BeeStation OS <1.1-65374 & DSM <7.2-64570-4, 7.2.1-69057-6...
Mar 19, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-47266
LOW
Synology Active Backup <2.7.1-3234 - Path Traversal
Feb 13, 2025
CVSS 2.7
EPSS 0.00
CVE-2024-47265
MEDIUM
Synology Active Backup <2.7.1-3234 - Path Traversal
Feb 13, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-47264
MEDIUM
Synology Active Backup for Business <2.7.1-3234 - Path Traversal
Feb 13, 2025
CVSS 4.9
EPSS 0.01
CVE-2024-4464
HIGH
Synology Media Server <2.2.0-3325 - Auth Bypass
Dec 18, 2024
CVSS 7.5
EPSS 0.01
Products
diskstation_manager 97
router_manager 59
photo_station 33
surveillance_station 25
vs960hd_firmware 22
diskstation_manager_unified_controller 20
skynas 16
Synology Photo Station 13
skynas_firmware 13
calendar 11
bc500_firmware 9
tc500_firmware 9
active_backup_for_business_agent 8
download_station 8
Surveillance Station 6
beedrive 6
drive_client 6
drive_server 6
media_server 6
video_station 6
dns_server 5
note_station 5
ssl_vpn_client 5
Photo Station 4
audio_station 4
beestation_os 4
directory_server 4
radius_server 4
DiskStation Manager (DSM) 3
carddav_server 3
Quick Filters