
CVE-2024-53288
https://notcve.org/view.php?id=CVE-2024-53288
23 Jul 2025 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-53287
https://notcve.org/view.php?id=CVE-2024-53287
23 Jul 2025 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-53286
https://notcve.org/view.php?id=CVE-2024-53286
23 Jul 2025 — Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_16 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-1021
https://notcve.org/view.php?id=CVE-2025-1021
23 Apr 2025 — Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_25_03 • CWE-862: Missing Authorization •

CVE-2024-50631 – Synology BeeStation BST150-4T SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-50631
19 Mar 2025 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_21 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-50630 – Synology BeeStation BST150-4T Improper Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2024-50630
19 Mar 2025 — Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_21 • CWE-306: Missing Authentication for Critical Function •

CVE-2024-50629 – Synology BeeStation BST150-4T CRLF Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-50629
19 Mar 2025 — Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to read limited files via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 • CWE-116: Improper Encoding or Escaping of Output •

CVE-2024-11131 – Synology TC500 ONVIF Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11131
19 Mar 2025 — A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_24 • CWE-125: Out-of-bounds Read •

CVE-2024-10442 – Synology DiskStation DS1823xs+ Replication Service Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-10442
19 Mar 2025 — Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_22 • CWE-193: Off-by-one Error •

CVE-2024-10445 – Synology BeeStation BST150-4T Unnecessary Privileges Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-10445
19 Mar 2025 — Improper certificate validation vulnerability in the update functionality in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to write limited files via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 • CWE-295: Improper Certificate Validation •