This page lists publicly disclosed CVE vulnerabilities affecting synology drive_server (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-50631 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via unspecified vectors. | [email protected] | 7.5 | 19.50% | 2025-03-19 | 2026-01-16 |
| CVE-2024-50630 | Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors. | [email protected] | 7.5 | 17.77% | 2025-03-19 | 2026-01-16 |
| CVE-2018-13297 | Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter. | [email protected] | 5.3 | 1.49% | 2019-04-01 | 2024-11-21 |
| CVE-2018-8922 | Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors. | [email protected] | 6.5 | 1.27% | 2018-06-01 | 2024-11-21 |
| CVE-2018-8921 | Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. | [email protected] | 6.5 | 0.80% | 2018-06-01 | 2024-11-21 |
| CVE-2018-8910 | Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | [email protected] | 6.5 | 0.80% | 2018-05-10 | 2024-11-21 |