Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (305 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-27652 1 Synology 3 Diskstation Manager, Skynas, Skynas Firmware 2025-01-14 8.3 High
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVE-2020-27656 1 Synology 1 Diskstation Manager 2025-01-14 6.5 Medium
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
CVE-2023-2729 1 Synology 3 Diskstation Manager, Diskstation Manager Unified Controller, Router Manager 2025-01-14 5.9 Medium
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.
CVE-2018-13280 1 Synology 1 Diskstation Manager 2025-01-14 N/A
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.
CVE-2019-14907 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2025-01-14 6.5 Medium
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).
CVE-2021-26566 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2025-01-14 8.3 High
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.
CVE-2017-12075 1 Synology 1 Diskstation Manager 2025-01-14 N/A
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.
CVE-2017-16774 1 Synology 1 Diskstation Manager 2025-01-14 N/A
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.
CVE-2021-43929 1 Synology 1 Diskstation Manager 2025-01-14 6.5 Medium
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2021-26562 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2025-01-14 9 Critical
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
CVE-2021-26563 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2025-01-14 8.2 High
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
CVE-2021-26564 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2025-01-14 8.3 High
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2021-26567 2 Faad2 Project, Synology 8 Faad2, Diskstation Manager, Diskstation Manager Unified Controller and 5 more 2025-01-14 7.8 High
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.
CVE-2021-26569 1 Synology 1 Diskstation Manager 2025-01-14 9.8 Critical
Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
CVE-2021-27646 1 Synology 1 Diskstation Manager 2025-01-14 9.8 Critical
Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
CVE-2018-13291 1 Synology 1 Diskstation Manager 2025-01-14 N/A
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2018-13293 1 Synology 1 Diskstation Manager 2025-01-14 N/A
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.
CVE-2021-29084 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2025-01-14 7.5 High
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2021-29083 1 Synology 1 Diskstation Manager 2025-01-14 7.2 High
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.
CVE-2021-29087 1 Synology 2 Diskstation Manager, Diskstation Manager Unified Controller 2025-01-14 7.5 High
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.