Filtered by vendor Synology
Subscriptions
Filtered by product Diskstation Manager
Subscriptions
Total
134 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13392 | 1 Synology | 1 Diskstation Manager | 2026-06-02 | 8.1 High |
| Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN). | ||||
| CVE-2025-14713 | 1 Synology | 2 C2 Identity Edge Server, Diskstation Manager | 2026-06-02 | 7.5 High |
| An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server. | ||||
| CVE-2025-30028 | 1 Synology | 2 Active Backup For Business, Diskstation Manager | 2026-06-02 | 8.6 High |
| A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files. | ||||
| CVE-2026-2237 | 1 Synology | 2 Diskstation Manager, Storage Manager | 2026-06-02 | 6.2 Medium |
| A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information. | ||||
| CVE-2025-13167 | 1 Synology | 3 Contacts, Diskstation Manager, Synology Contacts | 2026-05-29 | 5.4 Medium |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors. | ||||
| CVE-2024-47267 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | 2.7 Low |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors. | ||||
| CVE-2024-47268 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | 4.9 Medium |
| Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. | ||||
| CVE-2024-47269 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | 4.9 Medium |
| Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. | ||||
| CVE-2024-47270 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | 2.7 Low |
| Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors. | ||||
| CVE-2024-47271 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | 4.9 Medium |
| Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. | ||||
| CVE-2024-47272 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2026-05-28 | 2.7 Low |
| Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors. | ||||
| CVE-2017-5753 | 14 Arm, Canonical, Debian and 11 more | 396 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 393 more | 2026-05-28 | 5.6 Medium |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
| CVE-2024-47264 | 1 Synology | 3 Active Backup For Business, Active Backup For Business Agent, Diskstation Manager | 2026-02-26 | 4.9 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to delete arbitrary files via unspecified vectors. | ||||
| CVE-2024-47265 | 1 Synology | 3 Active Backup For Business, Active Backup For Business Agent, Diskstation Manager | 2026-02-26 | 6.5 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vectors. | ||||
| CVE-2024-47266 | 1 Synology | 3 Active Backup For Business, Active Backup For Business Agent, Diskstation Manager | 2026-02-26 | 2.7 Low |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to read specific files containing non-sensitive information via unspecified vectors. | ||||
| CVE-2018-1160 | 3 Debian, Netatalk, Synology | 7 Debian Linux, Netatalk, Diskstation Manager and 4 more | 2026-02-13 | 9.8 Critical |
| Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. | ||||
| CVE-2025-2848 | 1 Synology | 2 Diskstation Manager, Mail Server | 2026-02-09 | 6.3 Medium |
| A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions. | ||||
| CVE-2024-10442 | 2 Syncology, Synology | 5 Replication Service, Diskstation Manager, Diskstation Manager Unified Controller and 2 more | 2026-01-16 | 10 Critical |
| Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors. | ||||
| CVE-2024-45538 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-12-05 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2024-45539 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-12-05 | 7.5 High |
| Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. | ||||