Total
134 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13392 | 1 Synology | 1 Diskstation Manager | 2026-06-02 | N/A | 8.1 HIGH |
| Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN). | |||||
| CVE-2025-14713 | 1 Synology | 2 C2 Identity Edge Server, Diskstation Manager | 2026-06-02 | N/A | 7.5 HIGH |
| An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server. | |||||
| CVE-2025-30028 | 1 Synology | 2 Active Backup For Business, Diskstation Manager | 2026-06-02 | N/A | 8.6 HIGH |
| A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files. | |||||
| CVE-2026-2237 | 1 Synology | 2 Diskstation Manager, Storage Manager | 2026-06-02 | N/A | 6.2 MEDIUM |
| A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information. | |||||
| CVE-2017-5753 | 13 Arm, Canonical, Debian and 10 more | 387 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 384 more | 2026-05-28 | 4.7 MEDIUM | 5.6 MEDIUM |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |||||
| CVE-2024-47267 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | N/A | 2.7 LOW |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors. | |||||
| CVE-2024-47268 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | N/A | 4.9 MEDIUM |
| Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. | |||||
| CVE-2024-47269 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | N/A | 4.9 MEDIUM |
| Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. | |||||
| CVE-2024-47270 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | N/A | 2.7 LOW |
| Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors. | |||||
| CVE-2024-47271 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | N/A | 4.9 MEDIUM |
| Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. | |||||
| CVE-2024-47272 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | N/A | 2.7 LOW |
| Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors. | |||||
| CVE-2025-13167 | 1 Synology | 2 Contacts, Diskstation Manager | 2026-05-28 | N/A | 5.4 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors. | |||||
| CVE-2017-14491 | 13 Arista, Arubanetworks, Canonical and 10 more | 29 Eos, Arubaos, Ubuntu Linux and 26 more | 2026-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | |||||
| CVE-2017-12076 | 1 Synology | 1 Diskstation Manager | 2026-05-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | |||||
| CVE-2017-15889 | 1 Synology | 1 Diskstation Manager | 2026-05-13 | 6.5 MEDIUM | 8.8 HIGH |
| Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. | |||||
| CVE-2017-15894 | 1 Synology | 1 Diskstation Manager | 2026-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | |||||
| CVE-2017-16766 | 1 Synology | 1 Diskstation Manager | 2026-05-13 | 6.4 MEDIUM | 6.5 MEDIUM |
| An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option. | |||||
| CVE-2017-9553 | 1 Synology | 1 Diskstation Manager | 2026-05-13 | 4.3 MEDIUM | 7.5 HIGH |
| A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. | |||||
| CVE-2017-9554 | 1 Synology | 1 Diskstation Manager | 2026-05-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. | |||||
| CVE-2015-4655 | 1 Synology | 1 Diskstation Manager | 2026-05-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi. | |||||