Synology Inc.
Latest CVEs
The 15 most recently published vulnerabilities affecting Synology Inc.
- CVE-2025-12686: Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code vi... (9.8)
- CVE-2025-10466: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with ad... (5.9)
- CVE-2021-47961: A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lea... (8.1)
- CVE-2021-47960: A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a loca... (6.5)
- CVE-2025-2848: A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions. (6.3)
- CVE-2025-29846: A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages. (7.2)
- CVE-2025-29845: A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files. (4.3)
- CVE-2025-29843: A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files. (5.4)
- CVE-2024-53288: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote au... (5.9)
- CVE-2024-53287: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote a... (5.9)
- CVE-2024-53286: Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows re... (7.2)
- CVE-2025-4679: A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors. (6.5)
- CVE-2025-1021: Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspe... (7.5)
- CVE-2024-50630: Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to o... (7.5)
- CVE-2024-50629: Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570... (5.3)